Adversary Models and Privacy, 2014

 

	Adversary Models and Privacy 2014

The need to understand adversarial behavior in light of new technologies is always important. Using models to understand their behavior is an important element in the Science of Security, particularly in the context of threats to privacy—data privacy, location privacy, and other forms. The research presented here was performed in 2014 and recovered on June 30, 2015.

---

Wei Wang; Qian Zhang, “A Stochastic Game for Privacy Preserving Context Sensing on Mobile Phone,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 2328, 2336, April 27 2014-May 2 2014. doi:10.1109/INFOCOM.2014.6848177
Abstract: The proliferation of sensor-equipped smartphones has enabled an increasing number of context-aware applications that provide personalized services based on users' contexts. However, most of these applications aggressively collect users sensing data without providing clear statements on the usage and disclosure strategies of such sensitive information, which raises severe privacy concerns and leads to some initial investigation on privacy preservation mechanisms design. While most prior studies have assumed static adversary models, we investigate the context dynamics and call attention to the existence of intelligent adversaries. In this paper, we first identify the context privacy problem with consideration of the context dynamics and malicious adversaries with capabilities of adjusting their attacking strategies, and then formulate the interactive competition between users and adversaries as a zero-sum stochastic game. In addition, we propose an efficient minimax learning algorithm to obtain the optimal defense strategy. Our evaluations on real smartphone context traces of 94 users validate the proposed algorithm.
Keywords: data privacy; learning (artificial intelligence);minimax techniques; smart phones; stochastic games; ubiquitous computing; attacking strategy; context dynamics; context privacy problem; context-aware application; disclosure strategy; intelligent adversary; interactive competition; minimax learning algorithm; mobile phone; optimal defense strategy; personalized services; privacy preservation mechanisms design; privacy preserving context sensing; sensor-equipped smartphones; static adversary model; user context; user sensing data; zero-sum stochastic game; Context; Context-aware services; Games; Privacy; Sensors; Smart phones; Stochastic processes (ID#: 15-6301)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6848177&isnumber=6847911 

Ren-Hung Hwang; Fu-Hui Huang, “SocialCloaking: A Distributed Architecture for K-Anonymity Location Privacy Protection,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol., no., pp. 247, 251, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785340
Abstract: As location information becomes commonly available in smart phones, applications of Location Based Service (LBS) has also become very popular and are widely used by smart phone users. Since the query of LBS contains user's location, it raises a privacy concern of exposure of user's location. K-anonymity is a commonly adopted technique for location privacy protection. In the literature, a centralized architecture which consists of a trusted anonymity server is widely adopted. However, this approach exhibits several apparent weaknesses, such as single point of failure, performance bottleneck, serious security threats, and not trustable to users, etc. In this paper, we re-examine the location privacy protection problem in LBS applications. We first provide an overview of the problem itself, to include types of query, privacy protection methods, adversary models, system architectures, and their related works in the literature. We then discuss the challenges of adopting a distributed architecture which does not need to set up a trusted anonymity server and propose a solution by combining unique features of structured peer-to-peer architecture and trust relationships among users of their on-line social networking relations.
Keywords: data privacy; mobile computing; query processing; social networking (online); trusted computing; K-anonymity location privacy protection; LBS query; SocialCloaking; adversary model; centralized architecture; distributed architecture; failure point; location information; location-based service; on-line social networking relation; security threat; smart phones; structured peer-to-peer architecture; system architecture; trust relationship; trusted anonymity server; user location; Computer architecture; Mobile communication; Mobile handsets; Peer-to-peer computing; Privacy; Servers; Trajectory; Distributed Anonymity Server Architecture; Location Based Service; Location Privacy; Peer-to-Peer; Social Networking (ID#: 15-6302)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6785340&isnumber=6785290 

Kulkarni, S.; Saha, S.; Hockenbury, R., “Preserving Privacy in Sensor-Fog Networks,” Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for, vol., no., pp. 96, 99, 8-10 Dec. 2014. doi:10.1109/ICITST.2014.7038785
Abstract: To address the privacy-utility tradeoff associated with wireless sensor networks in general, and a smart television remote in particular, we study and test usability factors and privacy aspects associated with the current framework models of a TV remote, and port the paradigm of Fog computing to arrive at an optimal solution. A Fog node, being closer to the end-devices not only mitigates the problem of latency but also enables computationally expensive operations, which were earlier possible only at cloud-side. We explore various adversary models, which can potentially compromise our framework and suggest measures to help avoid them.
Keywords: digital television; distributed algorithms; public key cryptography; wireless sensor networks; TV remote; fog computing; privacy; public key cryptography; sensor-fog network; smart television remote; wireless sensor network; Accelerometers; Accuracy; Computational modeling; Feature extraction; Privacy; Public key cryptography; TV; fog; smart; utility (ID#: 15-6303)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7038785&isnumber=7038754 

Kui Xu; Danfeng Yao; Perez-Quinones, M.A.; Link, C.; Geller, E.S., “Role-Playing Game for Studying User Behaviors in Security: A Case Study on Email Secrecy,” Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on, vol., no., pp.18, 26, 22-25 Oct. 2014. doi: (not provided)
Abstract: Understanding the capabilities of adversaries (e.g., how much the adversary knows about a target) is important for building strong security defenses. Computing an adversary's knowledge about a target requires new modeling techniques and experimental methods. Our work describes a quantitative analysis technique for modeling an adversary's knowledge about private information at workplace. Our technical enabler is a new emulation environment for conducting user experiments on attack behaviors. We develop a role-playing cyber game for our evaluation, where the participants take on the adversary role to launch ID theft attacks by answering challenge questions about a target. We measure an adversary's knowledge based on how well he or she answers the authentication questions about a target. We present our empirical modeling results based on the data collected from a total of 36 users.
Keywords: Internet; behavioural sciences computing; computer games; data privacy; message authentication; unsolicited e-mail; ID theft attack; email secrecy; quantitative analysis technique; role-playing cyber game; security defenses; user behavior; Authentication; Educational institutions; Electronic mail; Games; Privacy; Servers; Social network services (ID#: 15-6304)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7014546&isnumber=7011734 

Nagendrakumar, S.; Aparna, R.; Ramesh, S., “A Non-Grouping Anonymity Model for Preserving Privacy in Health Data Publishing,” Science Engineering and Management Research (ICSEMR), 2014 International Conference on, vol., no., pp. 1, 6,
27-29 Nov. 2014. doi:10.1109/ICSEMR.2014.7043554
Abstract: Publishing health data may jeopardize privacy breaches, since they contain sensitive information about the individuals. Privacy preserving data publishing (PPDP) addresses the problem of revealing sensitive data when extracting the useful data. The existing privacy models are group based anonymity models. Hence, these models consider the privacy of the individual only in a group based manner. And those groups are the hunting ground for the adversaries. All data re-identification attacks are based on the group of records. The root cause behind our approach is that the k-anonymity problem can be viewed as a clustering approach. Though the k-anonymity problem does not insist on the number of clusters, it requires that each group must contain at least k-records. We propose a Non-Grouping Anonymity model; this gives a basic level of anonymization that prevents an individual being re-identified from their published data.
Keywords: data privacy; electronic publishing; medical information systems; pattern clustering; security of data; PPDP; anonymization; clustering approach; data re-identification attacks; group based anonymity model; health data publishing privacy; k-anonymity problem; nongrouping anonymity model; privacy breaches; privacy model; privacy preserving data publishing; sensitive data; sensitive information; Data models; Data privacy; Loss measurement; Privacy; Publishing; Taxonomy; Vegetation; Anonymity; Privacy in Data Publishing; data Privacy; data Utility (ID#: 15-6305)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7043554&isnumber=7043537 

Tiwari, P.K.; Chaturvedi, S., “Publishing Set Valued Data via M-Privacy,” Advances in Engineering and Technology Research (ICAETR), 2014 International Conference on, vol., no., pp. 1, 6, 1-2 Aug. 2014. doi:10.1109/ICAETR.2014.7012814
Abstract: It is very important to achieve security of data in distributed databases. With increasing in the usability of distributed database security issues regarding it are also going to be more complex. M-privacy is a very effective technique which may be used to achieve security of distributed databases. Set-valued data provides huge opportunities for a variety of data mining tasks. Most of the present data publishing techniques for set-valued data are refers to horizontal division based privacy models. Differential privacy method is totally opposite to horizontal based privacy method; it provides higher privacy guarantee and it is also sovereign of an adversary's environment information and computational capability. Set-valued data have high dimensionality so not any single existing data publishing approach for differential privacy can be applied for both utility and scalability. This work provided detailed information about this new threat, and gave some assistance to resolve it. At the start we introduced the concept of m-privacy. This concept guarantees that the anonymous data will satisfies a given privacy check next to any group of up to m colluding data providers. After it we presented heuristic approach for exploiting the monotonicity of confidentiality constraints for proficiently inspecting m-privacy given a cluster of records. Next, we have presented a data provider-aware anonymization approach with adaptive m-privacy inspection strategies to guarantee high usefulness and m-privacy of anonymized data with effectiveness. Finally, we proposed secured multi-party calculation protocols for set valued data publishing with m-privacy.
Keywords: data mining; data privacy; distributed databases; adaptive m-privacy inspection strategies; anonymous data; computational capability; confidentiality constraints monotonicity; data mining tasks; data provider-aware anonymization approach; data security; distributed database security; environment information; heuristic approach; horizontal division based privacy models; privacy check; privacy guarantee; privacy method; secured multiparty calculation protocols; set-valued data publishing techniques; threat; Algorithm design and analysis; Computational modeling; Data privacy; Distributed databases; Privacy; Publishing; Taxonomy; privacy; set-valued dataset (ID#: 15-6306)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7012814&isnumber=7012782 

Hui Cui; Yi Mu; Man Ho Au, “Public-Key Encryption Resilient against Linear Related-Key Attacks Revisited,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 268, 275, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.37
Abstract: Wee (PKC'12) proposed a generic public-key encryption scheme in the setting of related-key attacks. Bellare, Paterson and Thomson (Asiacrypt'12) provided a framework enabling related-key attack (RKA) secure cryptographic primitives for a class of non-linear related-key derivation functions. However, in both of their constructions, the instantiations to achieve the full (not weak) RKA security are given under the scenario regarding the private key composed of single element. In other words, each element of the private key shares the same modification. However, this is impractical in real world. In this paper, we concentrate on the security of public-key encryption schemes under linear related-key attacks in the setting of multielement private keys (that is, the private key is composed of more than one element), where an adversary is allowed to tamper any part of this private key stored in a hardware device, and subsequently observes the outcome of a public key encryption system under this targeted modified private key. We define the security model for RKA secure public-key encryption schemes as chosen-cipher text and related-key attack (CC-RKA) security, which means that a public-key encryption scheme remains secure even when an adversary is allowed to issue the decryption oracle on linear shifts of any component of the private key. After that, we present a detailed public key encryption schemes with the private key formed of several elements, of which the CC-RKA security is under the decisional BDH assumption in the standard model.
Keywords: public key cryptography; Asiacrypt12; CC-RKA security; PKC12; chosen-cipher text; decisional BDH assumption; decryption oracle; linear related-key secure cryptographic primitives; multielement private keys; nonlinear related-key derivation functions; public-key encryption; standard model; Encryption; Hardware; Identity-based encryption; Resistance; Linear related-key attack; Public-key encryption (ID#: 15-6307)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011260&isnumber=7011202 

Oya, S.; Troncosoy, C.; Perez-Gonzalez, F., “Understanding the Effects of Real-World Behavior in Statistical Disclosure Attacks,” Information Forensics and Security (WIFS), 2014 IEEE International Workshop on, vol., no., pp. 72, 77, 3-5 Dec. 2014. doi:10.1109/WIFS.2014.7084306
Abstract: High-latency anonymous communication systems prevent passive eavesdroppers from inferring communicating partners with certainty. However, disclosure attacks allow an adversary to recover users' behavioral profiles when communications are persistent. Understanding how the system parameters affect the privacy of the users against such attacks is crucial. Earlier work in the area analyzes the performance of disclosure attacks in controlled scenarios, where a certain model about the users' behavior is assumed. In this paper, we analyze the profiling accuracy of one of the most efficient disclosure attack, the least squares disclosure attack, in realistic scenarios. We generate real traffic observations from datasets of different nature and find that the models considered in previous work do not fit this realistic behavior. We relax previous hypotheses on the behavior of the users and extend previous performance analyses, validating our results with real data and providing new insights into the parameters that affect the protection of the users in the real world.
Keywords: data privacy; least squares approximations; security of data; statistical analysis; high-latency anonymous communication systems; least squares disclosure attack; passive eavesdroppers; profiling accuracy; real-world behavior; statistical disclosure attacks; user privacy; Analytical models; Approximation methods; Conferences; Electronic mail; Forensics; Performance analysis; Receivers; anonymity; mixes; performance analysis (ID#: 15-6308)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7084306&isnumber=7084286 

Ramachandran, S.; Chithan, S.; Ravindran, S., “A Cost-Effective Approach Towards Storage and Privacy Preserving for Intermediate Data Sets in Cloud Environment,” Recent Trends in Information Technology (ICRTIT), 2014 International Conference on, vol., no., pp. 1, 5, 10-12 April 2014. doi:10.1109/ICRTIT.2014.6996145
Abstract: Cloud computing offers pay-as-you-go model, where users only pay for their resource consumption. Many large applications utilize cloud computing. These applications generate a lot of essential intermediate results for future purpose. Storing all intermediate results is not a cost efficient approach. At the same time adversary may refer multiple intermediate result to steal the information. Likewise encrypting every part of intermediate results will increase computation cost for the user. The main aim of the system is to provide a cost effective approach for storing and providing privacy for the intermediate results.
Keywords: cloud computing; data privacy; cloud environment; computation cost; cost efficient approach; intermediate data set; pay-as-you-go model; privacy preservation; resource consumption; storage preservation; Cloud computing; Computational efficiency; Computational modeling; Data privacy; Encryption; Privacy; storage strategy (ID#: 15-6309)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6996145&isnumber=6996087 

Sidorov, V.; Wee Keong Ng, “Model of an Encrypted Cloud Relational Database Supporting Complex Predicates in WHERE Clause,” Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on, vol., no., pp. 667, 672, June 27 2014–July 2 2014. doi:10.1109/CLOUD.2014.94
Abstract: Even though the concept of a Database-as-a-Service (DaaS) is becoming more popular and offers significant expenditure cuts, enterprises are still reluctant to migrate their data storing and processing to the cloud. One of the reasons to that is a lack of solid security guarantees. Encrypted database is one of the major approaches to address the security of cloud data processing. However, in order to provide processing capabilities over encrypted data, multiple techniques need to be combined and adjusted to work together. This paper introduces a modular and extensible framework model of an encrypted database, which makes it possible to execute a wide range of queries, including those with complex arithmetic expressions, retaining data privacy even with an adversary gaining full access to the database server. Proposed model could be used as a basis for encrypted database systems with various functional requirements.
Keywords: cloud computing; cryptography; relational databases; DaaS; WHERE clause; cloud data processing security; cloud relational database encryption; database-as-a-service; Data models; Databases; Encryption; Numerical models; Servers; cloud database security; complex query predicates; querying encrypted data (ID#: 15-6310)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6973800&isnumber=6973706 

Ajish, S.; Rajasree, R., “Secure Mail using Visual Cryptography (SMVC),” Computing, Communication and Networking Technologies (ICCCNT), 2014 International Conference on, vol., no., pp. 1, 7, 11-13 July 2014. doi:10.1109/ICCCNT.2014.6963148
Abstract: The E-mail messaging is one of the most popular uses of the Internet and the multiple Internet users can exchange messages within short span of time. Although the security of the E-mail messages is an important issue, no such security is supported by the Internet standards. One well known scheme, called PGP (Pretty Good Privacy) is used for personal security of E-mail messages. There is an attack on CFB Mode Encryption as used by OpenPGP. To overcome the attacks and to improve the security a new model is proposed which is "Secure Mail using Visual Cryptography". In the secure mail using visual cryptography the message to be transmitted is converted into a gray scale image. Then (2, 2) visual cryptographic shares are generated from the gray scale image. The shares are encrypted using A Chaos-Based Image Encryption Algorithm Using Wavelet Transform and authenticated using Public Key based Image Authentication method. One of the shares is send to a server and the second share is send to the recipient’s mail box. The two shares are transmitted through two different transmission medium so man in the middle attack is not possible. If an adversary has only one out of the two shares, then he has absolutely no information about the message. At the receiver side the two shares are fetched, decrypted and stacked to generate the grey scale image. From the grey scale image the message is reconstructed.
Keywords: chaos; data privacy; electronic mail; image processing; message authentication; public key cryptography; wavelet transforms;(2, 2) visual cryptography; CFB mode encryption; Internet standards; OpenPGP; SMVC; chaos-based image encryption algorithm; e-mail messaging; gray scale image; personal security; pretty good privacy; public key based image authentication method; receipent mail box; receiver side; secure mail using visual cryptography; transmission medium; wavelet transform; Electronic mail; Encryption; Heuristic algorithms; Receivers; Visualization; Wavelet transforms; chaos based image encryption algorithm; dynamic s-box algorithm; low frequency wavelet coefficient; pretty good privacy; visual cryptography; wavelet decomposition (ID#: 15-6311)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6963148&isnumber=6962988 

Pandit, A.; Polina, P.; Kumar, A., “CLOPRO: A Framework for Context Cloaking Privacy Protection,” Communication Systems and Network Technologies (CSNT), 2014 Fourth International Conference on, vol., no., pp. 782, 787, 7-9 April 2014. doi:10.1109/CSNT.2014.164
Abstract: Smartphones, loaded with users' personal information have become the primary computing device for many. This makes privacy an increasingly important issue. To protect the privacy of the context based service users we propose CLOPRO framework (Context Cloaking Privacy Protection) using two non-colluding servers. Each service request has three parameters: identity, context and actual query. The proposed, integrated framework achieves the identity privacy, the context privacy, and the query privacy to reduce the risk of an adversary linking all of the three parameters. The methodology used is as follows: A group of users having a similar query are clustered together, a unique id for each cluster of users is created ensuring identity privacy. The centroid of the location coordinates replaces the actual location for the users in the cluster for location privacy, the query abstraction at multiple levels ensures the query privacy. The refined query is then sent to the service provider for processing. The effectiveness of the proposed approach is established by analyzing CLOPRO privacy protection model and comparing it with the other approaches.
Keywords: data protection; pattern clustering; query processing; smart phones; CLOPRO privacy protection model; context based service users; context cloaking privacy protection; context privacy; identity privacy; noncolluding servers; query abstraction; query privacy; smartphones; Clustering algorithms; Context; Mobile communication; Mobile handsets; Privacy; Servers; Time factors; Abstraction; Anonymization; Clustering; Context Cloaking; Location Based Services; Privacy Protection (ID#: 15-6312)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821506&isnumber=6821334 

Paverd, A.; Martin, A.; Brown, I., “Privacy-Enhanced Bi-Directional Communication in the Smart Grid Using Trusted Computing,” Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, vol., no., pp. 872, 877, 3-6 Nov. 2014. doi:10.1109/SmartGridComm.2014.7007758
Abstract: Although privacy concerns in smart metering have been widely studied, relatively little attention has been given to privacy in bi-directional communication between consumers and service providers. Full bi-directional communication is necessary for incentive-based demand response (DR) protocols, such as demand bidding, in which consumers bid to reduce their energy consumption. However, this can reveal private information about consumers. Existing proposals for privacy-enhancing protocols do not support bi-directional communication. To address this challenge, we present a privacy-enhancing communication architecture that incorporates all three major information flows (network monitoring, billing and bi-directional DR) using a combination of spatial and temporal aggregation and differential privacy. The key element of our architecture is the Trustworthy Remote Entity (TRE), a node that is singularly trusted by mutually distrusting entities. The TRE differs from a trusted third party in that it uses Trusted Computing approaches and techniques to provide a technical foundation for its trustworthiness. A automated formal analysis of our communication architecture shows that it achieves its security and privacy objectives with respect to a previously-defined adversary model. This is therefore the first application of privacy-enhancing techniques to bi-directional smart grid communication between mutually distrusting agents.
Keywords: data privacy; energy consumption; incentive schemes; invoicing; power engineering computing; power system measurement; protocols; smart meters; smart power grids; trusted computing; TRE; automated formal analysis; bidirectional DR information flow; billing information flow; differential privacy; energy consumption reduction; incentive-based demand response protocol; network monitoring information flow; privacy-enhanced bidirectional smart grid communication architecture; privacy-enhancing protocol; smart metering; spatial aggregation; temporal aggregation; trusted computing; trustworthy remote entity; Bidirectional control; Computer architecture; Monitoring; Privacy; Protocols; Security; Smart grids (ID#: 15-6313)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7007758&isnumber=7007609 

Minami, K., “Preventing Denial-of-Request Inference Attacks in Location-Sharing Services," Mobile Computing and Ubiquitous Networking (ICMU), 2014 Seventh International Conference on, vol., no., pp. 50, 55, 6-8 Jan. 2014. doi:10.1109/ICMU.2014.6799057
Abstract: Location-sharing services (LSSs), such as Google Latitude, have been popular recently. However, location information is sensitive and access to it must be controlled carefully. We previously study an inference problem against an adversary who performs inference based on a Markov model that represents a user's mobility patterns. However, the Markov model does not capture the fact that a denial of a request enforced by the LSS itself implies that a target user is visiting some private location. In this paper, we develop an algorithmic model for representing this new class of inference attacks and conduct experiments with a real location dataset to show that threats posed by the denial-of-request inference attacks are significantly real.
Keywords: Global Positioning System; Markov processes; telecommunication security; Google Latitude; LSS; Markov model; denial-of-request inference attacks prevention; location-sharing services; private location; user mobility patterns; Global Positioning System; Hospitals; Inference algorithms; Libraries; Privacy; Trajectory (ID#: 15-6314)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6799057&isnumber=6799045 

Lopez, J.M.; Ruebsamen, T.; Westhoff, D., “Privacy-Friendly Cloud Audits with Somewhat Homomorphic and Searchable Encryption,” Innovations for Community Services (I4CS), 2014 14th International Conference on, vol., no., pp. 95, 103, 4-6 June 2014. doi:10.1109/I4CS.2014.6860559
Abstract: In this paper, we provide privacy enhancements for a software agent-based audit system for clouds. We also propose a general privacy enhancing cloud audit concept which, we do present based on a recently proposed framework. This framework introduces the use of audit agents for collecting digital evidence from different sources in cloud environments. Obviously, the elicitation and storage of such evidence leads to new privacy concerns of cloud customers, since it may reveal sensitive information about the utilization of cloud services. We remedy this by applying Somewhat Homomorphic Encryption (SHE) and Public-Key Searchable Encryption (PEKS) to the collection of digital evidence. By considering prominent audit event use cases we show that the amount of cleartext information provided to an evidence storing entity and subsequently to a third-party auditor can be shaped in a good balance taking into account both, i) the customers' privacy and ii) the fact that stored information may need to have probative value. We believe that the administrative domain responsible for an evidence storing database falls under the adversary model "honest-but-curious" and thus should perform query responses from the auditor with respect to a given cloud audit use case by purely performing operations on encrypted digital evidence data.
Keywords: cloud computing; public key cryptography; software agents; PEKS; SHE; cloud computing; cloud services; privacy-friendly cloud audits; public-key searchable encryption; searchable encryption; software agent-based audit system; somewhat homomorphic encryption; third-party auditor; Encryption; IP networks; Monitoring; Privacy; Public key; Audit; Cloud Computing; Computing on Encrypted Data; Evidence; Searchable Encryption; Somewhat Homomorphic Encryption (ID#: 15-6315)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6860559&isnumber=6860533 

Srihari Babu, D.V.; Reddy, P.C., “Secure Policy Agreement for Privacy Routing in Wireless Communication System,” Control, Instrumentation, Communication and Computational Technologies (ICCICCT), 2014 International Conference on, vol., no., pp. 739, 744, 10-11 July 2014. doi:10.1109/ICCICCT.2014.6993057
Abstract: Security and privacy are major issues which risk the wireless communication system in successful operation employment in Adhoc and Sensor networks. Message confidentiality can be assured through successful message or content encryption, but it is very difficult to address the source location privacy. A number of schemes and polices have been proposed to protect privacy in wireless networks. Many security schemes are offered but none of those provide complete security property for data packets and control packets. This paper proposes a secure policy agreement approach for open-privacy routing in wireless communication using location-centric communication model to achieve efficient security and privacy against both Internal and External adversary pretenders. To evaluate the performance of our proposal we analyze the security, privacy and performance comparisons to alternate techniques. Simulation result shows an improvisation in proposed policy and it is more efficient and offers better privacy when compare to the prior works.
Keywords: ad hoc networks; cryptography; data privacy; telecommunication network routing; wireless channels; wireless sensor networks; ad hoc networks; complete security property; content encryption; control packets; data packets; external adversary pretenders; internal adversary pretenders; location-centric communication; message confidentiality; message encryption; open-privacy routing; secure policy agreement; sensor networks; source location privacy; successful operation employment; wireless communication system; Mobile ad hoc networks; Privacy; Public key; Routing; Routing protocols; MANET; Privacy Routing; Secure policy; Wireless Communication (ID#: 15-6316)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6993057&isnumber=6992918 

Zheng Jiangyu; Tan Xiaobin; Cliff, Z.; Niu Yukun; Zhu Jin, “A Cloaking-Based Approach to Protect Location Privacy in Location-Based Services,” Control Conference (CCC), 2014 33rd Chinese, vol., no., pp. 5459, 5464, 28-30 July 2014. doi:10.1109/ChiCC.2014.6895872
Abstract: With the widespread use of mobile devices, the location-based service (LBS) applications become increasingly popular, which introduces the new security challenge to protect user's location privacy. On one hand, a user expects to report his own location as far as possible away from his real location to protect his location privacy. On the other hand, in order to obtain high quality of service (QoS), users are required to report their locations as accurate as possible. To achieve the dedicated tradeoff between privacy requirement and QoS requirement, we propose a novel approach based on cloaking technique. We also discuss the disadvantage of the traditional general system model and propose an improved model. The basic idea of our approach is to select a sub-area from the generated cloaking area as user's reported location. The sub-area may not contain a user's real location, which prevents an adversary from performing attack with side information. Specifically, by defining an objective function with a novel location privacy metric and a QoS metric, we are able to convert the privacy issue to an optimization problem. Then, location privacy metric and QoS metric are given. To reduce the complexity of the optimization, a heuristic algorithm is proposed. Through privacy-preserving analysis and comparison with related work [8], we demonstrate the effectiveness and efficiency of our approach.
Keywords: data protection; invisibility cloaks; mobility management (mobile radio); optimisation; quality of service; smart phones; telecommunication security; QoS metric; cloaking-based approach; heuristic algorithm; location privacy metric; location-based services; mobile devices; optimization problem; privacy preserving analysis; privacy requirement; security; user location privacy protection; Complexity theory; Heuristic algorithms; Measurement; Optimization; Privacy; Quality of service; Servers; Cloaking Area; Location Privacy; Location-based Services; k-anonymity (ID#: 15-6317)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6895872&isnumber=6895198 

Sam, M.M.; Vijayashanthi, N.; Sundhari, A., “An Efficient Pseudonymous Generation Scheme with Privacy Preservation for Vehicular Communication,” Intelligent Computing Applications (ICICA), 2014 International Conference on, vol., no., pp. 109, 117, 6-7 March 2014. doi:10.1109/ICICA.2014.32
Abstract: Vehicular Ad-Hoc Network (VANET) communication has recently become an increasingly popular research topic in the area of wireless networking as well as the automotive industries. The goal of VANET research is to develop a vehicular communication system to enable quick and cost efficient distribution of data for the benefit of passengers safety and comfort. But location privacy in vanet is still an imperative issue. To overcome this privacy, a popular approach that is recommended in vanet is that vehicles periodically change their pseudonyms when they broadcast safety messages. An Effective pseudonym changing at proper location(e.g., a road intersection when the traffic light turns red or a free parking lot near a shopping mall) (PCP) strategy to achieve the provable location privacy. In addition, we use Bilinear Pairing for self-delegated key generation. Current threat model primarily considers that an adversary can track a vehicle that can utilize more character factors to track a vehicle and to explore new location-privacy-enhanced techniques under such a stronger threat model.
Keywords: telecommunication security; vehicular ad hoc networks; VANET communication; VANET research; bilinear pairing; effective pseudonym changing; location-privacy-enhanced techniques; privacy preservation; pseudonymous generation scheme; road intersection; self-delegated key generation; vehicular ad-hoc network; vehicular communication; vehicular communication system; wireless networking; Analytical models; Authentication; Privacy; Roads; Safety; Vehicles; Vehicular ad hoc networks; Group- Signature-Based (GSB); Pseudonym Changing at Proper Location (PCP); RoadSide Units (RSUs); Trusted Authority (TA) (ID#: 15-6318)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6965022&isnumber=6964987 

Depeng Li; Aung, Z.; Williams, J.; Sanchez, A., “P2DR: Privacy-Preserving Demand Response System in Smart Grids,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol., no., pp. 41, 47, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785302
Abstract: Demand response programs are widely used to balance the supply and the demand in smart grids. They result in a reliable electric power system. Unfortunately, the privacy violation is a pressing challenge and increasingly affects the demand response programs because of the fact that power usage and operational data can be misused to infer personal information of customers. Without a consistent privacy preservation mechanism, adversaries can capture, model and divulge customers' behavior and activities at almost every level of society. This paper investigates a set of new privacy threat models focusing on financial rationality verse inconvenience. Furthermore, we design and implement a privacy protection protocol based on attributed-based encryptions. To demonstrate its feasibility, the protocol is adopted in several kinds of demand response programs. Real-world experiments show that our scheme merely incurs a substantially light overhead, but can address the formidable privacy challenges that customers are facing in demand response systems.
Keywords: cryptographic protocols; data privacy; power system reliability; smart power grids; P2DR; attributed-based encryptions; customer personal information; financial rationality verse inconvenience; operational data; power usage; privacy protection protocol; privacy threat; privacy-preserving demand response system; reliable electric power system; smart grids; substantially light overhead; supply demand balance; Control systems; Data privacy; Encryption; Load management; Protocols; Consumer privacy; Demand Response; Privacy Preservation; Smart Grids (ID#: 15-6319)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6785302&isnumber=6785290 

Gaofeng He; Ming Yang; Xiaodan Gu; Junzhou Luo; Yuanyuan Ma, “A Novel Active Website Fingerprinting Attack against Tor Anonymous System,” Computer Supported Cooperative Work in Design (CSCWD), Proceedings of the 2014 IEEE 18th International Conference on, vol., no., pp. 112, 117, 21-23 May 2014. doi:10.1109/CSCWD.2014.6846826
Abstract: Tor is a popular anonymizing network and the existing work shows that it can preserve users' privacy from website fingerprinting attacks well. However, based on our extensive analysis, we find it is the overlap of web objects in returned web pages that make the traffic features obfuscated, thus degrading the attack detection rate. In this paper, we propose a novel active website fingerprinting attack under Tor's local adversary model. The main idea resides in the fact that the attacker can delay HTTP requests originated from users for a certain period to isolate responding traffic segments containing different web objects. We deployed our attack in PlanetLab and the experiment lasted for one month. The SVM multi-classification algorithm was then applied on the collected datasets with the introduced features to identify the visited website among 100 top ranked websites in Alexa. Compared to the stat-of-the-art work, the classification result is improved from 48.5% to 65% by delaying at most 10 requests. We also analyzed the timing characteristics of Tor traffic to prove the stealth of our attack. The research results show that anonymity in Tor is not as strong as expected and should be enhanced in the future.
Keywords: Web sites; pattern classification; security of data; support vector machines; Alexa; HTTP requests; PlanetLab; SVM multiclassification algorithm; Tor anonymous system; Tor traffic; Web objects; Web pages; novel active Website fingerprinting attack; timing characteristics; traffic features; Accuracy; Browsers; Delays; Fingerprint recognition; Protocols; Support vector machines; Tor; active website fingerprinting; anonymous communication; pattern recognition; privacy; traffic analysis (ID#: 15-6320)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6846826&isnumber=6846800 

Le Ny, J.; Touati, A.; Pappas, G.J., “Real-Time Privacy-Preserving Model-Based Estimation of Traffic Flows,” Cyber-Physical Systems (ICCPS), 2014 ACM/IEEE International Conference on, vol., no., pp. 92, 102, 14-17 April 2014.  doi:10.1109/ICCPS.2014.6843714
Abstract: Road traffic information systems rely on data streams provided by various sensors, e.g., loop detectors, cameras, or GPS, containing potentially sensitive location information about private users. This paper presents an approach to enhance real-time traffic state estimators using fixed sensors with a privacy-preserving scheme providing formal guarantees to the individuals traveling on the road network. Namely, our system implements differential privacy, a strong notion of privacy that protects users against adversaries with arbitrary side information. In contrast to previous privacy-preserving schemes for trajectory data and location-based services, our procedure relies heavily on a macroscopic hydrodynamic model of the aggregated traffic in order to limit the impact on estimation performance of the privacy-preserving mechanism. The practicality of the approach is illustrated with a differentially private reconstruction of a day of traffic on a section of I-880 North in California from raw single-loop detector data.
Keywords: data privacy; real-time systems; road traffic; state estimation; traffic information systems; data streams; real-time privacy-preserving model; real-time traffic state estimators; road network; road traffic information systems; traffic flow estimation; Data privacy; Density measurement; Detectors; Privacy; Roads; Vehicles; Differential privacy; intelligent transportation systems; privacy-preserving data assimilation (ID#: 15-6321)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6843714&isnumber=6843703 

Mardziel, P.; Alvim, M.S.; Hicks, M.; Clarkson, M.R., “Quantifying Information Flow for Dynamic Secrets,” Security and Privacy (SP), 2014 IEEE Symposium on, vol., no., pp. 540, 555, 18-21 May 2014. doi:10.1109/SP.2014.41
Abstract: A metric is proposed for quantifying leakage of information about secrets and about how secrets change over time. The metric is used with a model of information flow for probabilistic, interactive systems with adaptive adversaries. The model and metric are implemented in a probabilistic programming language and used to analyze several examples. The analysis demonstrates that adaptivity increases information flow.
Keywords: cryptography; high level languages; interactive systems; probability; dynamic secrets; information flow; information leakage; interactive systems; probabilistic programming language; probabilistic systems; Adaptation models; Automata; Context; History; Measurement; Probabilistic logic; Security; dynamic secret; gain function; probabilistic programming; quantitative information flow; vulnerability (ID#: 15-6322)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956586&isnumber=6956545 

Chaohui Du; Guoqiang Bai, “Attacks on Physically-Embedded Data Encryption for Embedded Devices,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 967, 972, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.128
Abstract: Data encryption is the primary method to protect embedded devices in the hostile environment. The security of the traditional data encryption algorithms relies on keeping the keys secret and they always require a lot of arithmetic and logical computations, which may be not suitable for area critical or power critical embedded devices. At TrustCom 2013, Hou et al. Proposed to use a physical unclonable function (PUF) to build a novel physically-embedded data encryption (PEDE) for embedded devices. The PEDE is lightweight since all it does is xor-ing the plaintext with the output of a PUF. As the PUF is unique and unclonable, only the original physical device can decrypt the cipher text. Without possessing the original PEDE device, adversaries could not determine anything about the plaintext even if both the secret key and the cipher text are available to them. In this paper, we show that the existing PEDE architecture is sensitive to environmental variations, which leads to the fact that the decrypted plaintext does not equal to the original plaintext. Besides the lack of reliability, we also show that the existing PEDE architecture is vulnerable to known-plaintext attack and modeling attack. To address these issues, we propose a secure and robust PEDE architecture.
Keywords: cryptography; PEDE architecture; arithmetic computations; cipher text; embedded devices; known-plaintext attack; logical computations; modeling attack; physically-embedded data encryption; secret key; Computer architecture; Delays; Encryption; Generators; Robustness; Embedded device; Encryption; Known-plaintext attack; Modeling attack; Physical effect; Physical unclonable function; Reliability; Security (ID#: 15-6323)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011354&isnumber=7011202
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.
 

---

Biometric Encryption and Privacy, 2014

	Biometric Encryption and Privacy 2014

The use of biometric encryption to control access and authentication is well established. New concerns about privacy create new issues for biometric encryption, however. The increased use of Cloud architectures compounds the problem of providing continuous re-authentication. The research cited here examines these issues. All work was presented in 2014.

---

Omar, M.N.; Salleh, M.; Bakhtiari, M., “Biometric Encryption to Enhance Confidentiality in Cloud Computing,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 45, 50, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013092
Abstract: Virtualization technology is the base technology used in Cloud computing. Therefore, virtualization enables Cloud computing to provide hardware and software services to the users on demand. Actually, many companies migrates to the Cloud computing for many reasons such as capabilities of processor, bus speed, size of storage, memory and managed to reduce the cost of dedicated servers. However, virtualization and Cloud computing contain many security weaknesses that affects the biometric data confidentiality in the Cloud computing. Those security issues are VM ware escape, hopping, mobility, diversity monitoring and etc. Furthermore, the privacy of a particular user is an issue in biometric data i.e. the face reorganization data for a famous and important people. Therefore, this paper proposed biometric encryption to improve the confidentiality in Cloud computing for biometric data. Also, this paper discussed virtualization for Cloud computing, as well as biometrics encryption. Indeed, this paper overviewed the security weaknesses of Cloud computing and how biometric encryption can improve the confidentiality in Cloud computing environment. Apart from this, confidentiality is enhanced in Cloud computing by using biometric encryption for biometric data. The novel approach of biometric encryption is to enhance the biometric data confidentiality in Cloud computing.
Keywords: biometrics (access control); cloud computing; cryptography; virtualisation; VM ware; biometric data confidentiality; biometric encryption; cloud computing; face reorganization data; hardware services; software services; virtualization technology; Bioinformatics; Biometrics (access control); Cloud computing; Encryption; Hardware; Virtualization; Biometric Encryption; Cloud computing; Virtualization (ID#: 15-5994)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7013092&isnumber=7013076

 

Valarmathi, R.; Sathiya Priya, S.S.; Kumar, P.K.; Sivamangai, N.M., “A Biometric Encryption Using Face Recognition System for Watch List,” Information Communication and Embedded Systems (ICICES), 2014 International Conference on, vol., no.,
pp. 1, 5, 27-28 Feb. 2014. doi:10.1109/ICICES.2014.7034018
Abstract: In recent years, it is necessary to protect individual privacy from unauthenticated persons. This paper presents a biometric encryption using face recognition system to identify known and unsuspected persons in watch list applications. The face recognition system is done by the Eigen face approach by PCA algorithm to simplify the authentication process, then to secure the Eigen faces generate the cryptographic key (RNG) and which key is bind that facial images. The faces are accepted as known or unknown face by after verification with present database.
Keywords: biometrics (access control); cryptography; data privacy; face recognition; principal component analysis; PCA algorithm; RNG; authentication process; biometric encryption; cryptographic key; eigen face approach; face recognition system; facial images; individual privacy protection; watch list; Databases; Encryption; Face; Face recognition; Feature extraction; Vectors; Biometric Encryption; Face Recognition; Privacy (ID#: 15-5995)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7034018&isnumber=7033740

 

Sharma, S.; Balasubramanian, V., “A Biometric Based Authentication and Encryption Framework for Sensor Health Data in Cloud,” Information Technology and Multimedia (ICIMU), 2014 International Conference on, vol., no., pp. 49, 54, 18-20 Nov. 2014. doi:10.1109/ICIMU.2014.7066602
Abstract: Use of remote healthcare monitoring application (HMA) can not only enable healthcare seeker to live a normal life while receiving treatment but also prevent critical healthcare situation through early intervention. For this to happen, the HMA have to provide continuous monitoring through sensors attached to the patient's body or in close proximity to the patient. Owing to elasticity nature of the cloud, recently, the implementation of HMA in cloud is of intense research. Although, cloud-based implementation provides scalability for implementation, the health data of patient is super-sensitive and requires high level of privacy and security for cloud-based shared storage. In addition, protection of real-time arrival of large volume of sensor data from continuous monitoring of patient poses bigger challenge. In this work, we propose a self-protective security framework for our cloud-based HMA. Our framework enable the sensor data in the cloud from (1) unauthorized access and (2) self-protect the data in case of breached access using biometrics. The framework is detailed in the paper using mathematical formulation and algorithms.
Keywords: biometrics (access control); cloud computing; cryptography; data privacy; health care; medical information systems; message authentication; patient monitoring; biometric based authentication; cloud-based HMA; cloud-based shared storage; encryption framework; privacy; remote healthcare monitoring application; self-protective security framework; sensor health data; Authentication; Bismuth; Encryption; Fingerprint recognition; Fingers; Medical services; Monitoring; Biometric; Biosensor; Cloud; Data Protection; Healthcare; Sensor data; self-protective (ID#: 15-5996)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7066602&isnumber=7066586

 

Sedenka, J.; Balagani, K.S.; Phoha, V.; Gasti, P., “Privacy-Preserving Population-Enhanced Biometric Key Generation from Free-Text Keystroke Dynamics,” Biometrics (IJCB), 2014 IEEE International Joint Conference on, vol., no., pp. 1, 8, Sept. 29 2014–Oct. 2 2014. doi:10.1109/BTAS.2014.6996244
Abstract: Biometric key generation techniques are used to reliably generate cryptographic material from biometric signals. Existing constructions require users to perform a particular activity (e.g., type or say a password, or provide a handwritten signature), and are therefore not suitable for generating keys continuously. In this paper we present a new technique for biometric key generation from free-text keystroke dynamics. This is the first technique suitable for continuous key generation. Our approach is based on a scaled parity code for key generation (and subsequent key reconstruction), and can be augmented with the use of population data to improve security and reduce key reconstruction error. In particular, we rely on linear discriminant analysis (LDA) to obtain a better representation of discriminable biometric signals. To update the LDA matrix without disclosing user's biometric information, we design a provably secure privacy-preserving protocol (PP-LDA) based on homomorphic encryption. Our biometric key generation with PP-LDA was evaluated on a dataset of 486 users. We report equal error rate around 5% when using LDA, and below 7% without LDA.
Keywords: biometrics (access control); cryptographic protocols; private key cryptography; LDA matrix update; PP-LDA; continuous key generation; cryptographic material generation; discriminable biometric signal representation; free-text keystroke dynamics; homomorphic encryption; key reconstruction; key reconstruction error reduction; linear discriminant analysis; population data; privacy-preserving population-enhanced biometric key generation; provably secure privacy-preserving protocol; scaled parity code; security improvement; user biometric information; Cryptography; Error correction codes; Feature extraction; Measurement; Protocols; Vectors (ID#: 15-5997)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6996244&isnumber=6996217

 

Abidin, A.; Mitrokotsa, A., “Security Aspects of Privacy-Preserving Biometric Authentication Based on Ideal Lattices and Ring-LWE,” Information Forensics and Security (WIFS), 2014 IEEE International Workshop on, vol., no., pp. 60, 65, 3-5 Dec. 2014. doi:10.1109/WIFS.2014.7084304
Abstract: In this paper, we study the security of two recently proposed privacy-preserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ring-LWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server, a computation server, and an authentication server. We present a simple attack algorithm that enables a malicious computation server to learn the biometric templates in at most 2N-τ queries, where N is the bit-length of a biometric template and τ the authentication threshold. The main enabler of the attack is that a malicious computation server can send an encryption of the inner product of the target biometric template with a bitstring of his own choice, instead of the securely computed Hamming distance between the fresh and stored biometric templates. We also discuss possible countermeasures to mitigate the attack using private information retrieval and signatures of correct computation.
Keywords: biometrics (access control); client-server systems; cryptographic protocols; message authentication; Hamming distance; attack algorithm; authentication server; authentication threshold; client server; distributed architecture; homomorphic encryption scheme; malicious computation server; privacy-preserving biometric authentication protocol; private information retrieval; ring-LWE; security aspects; target biometric template; Authentication; Encryption; Protocols; Public key; Servers; Privacy-preserving biometric authentication; hill climbing attack; lattices; ring-LWE; somewhat homomorphic encryption (ID#: 15-5998)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7084304&isnumber=7084286

 

Barman, S.; Chattopadhyay, S.; Samanta, D., “An Approach to Cryptographic Key Distribution through Fingerprint Based Key Distribution Center,” Advances in Computing, Communications and Informatics (ICACCI), 2014 International Conference on, vol., no., pp. 1629, 1635, 24-27 Sept. 2014. doi:10.1109/ICACCI.2014.6968299
Abstract: In information and communication technology, security of information is provided with cryptography. In cryptography, key management is an important part of the whole system as the security lies on secrecy of cryptographic key. Symmetric cryptography uses same key (secret key) for message encryption as well as cipher text decryption. Distribution of the secret key is the main challenge in symmetric cryptography. In symmetric cryptography, key distribution center (KDC) takes the responsibility to distribute the secret key between the communicating parties to establish a secure communication among them. In the traditional KDC, a unique key is used between communicating parties for the purpose of distributing session keys. In this respect, our proposed approach uses fingerprint biometrics of communicating parties for the purpose of unique key generation and distribute session key with the fingerprint based key of user. As the key is generated from fingerprint of user, there is no scope of attacks to break the unique key. In this way, the unique key is associated with biometric data of communicating party and the key is not need to remember by that party. This approach converts the knowledge based authentication to biometric based authentication of KDC. At the same time, our approach protects the privacy of fingerprint identity as the identity of user is not disclosed even when the KDC is compromised.
Keywords: cryptography; data privacy; fingerprint identification; message authentication; biometric based authentication; cipher text decryption; cryptographic key distribution; fingerprint based key distribution center; fingerprint biometrics; fingerprint identity privacy; information security; key management; knowledge based authentication; message encryption; secret key distribution; symmetric cryptography; Bioinformatics; Biometrics (access control); Cryptography; Feature extraction; Fingerprint recognition; Image matching; Vectors; Cryptographic key; Cryptography; Fingerprint; Fingerprint based cryptographic key; Key Distribution Center; Secret key (ID#: 15-5999)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6968299&isnumber=6968191

 

Yuan Tian; Al-Rodhaan, M.; Biao Song; Al-Dhelaan, A.; Ting Huai Ma, “Somewhat Homomorphic Cryptography for Matrix Multiplication Using GPU Acceleration,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 166, 170, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013115
Abstract: Homomorphic encryption has become a popular research topic since the cloud computing paradigm emerged. This paper discusses the design of a GPU-assisted homomorphic cryptograph for matrix operation. Our proposed scheme is based on an n*n matrix multiplication which are computationally homomorphic. We use more efficient GPU programming scheme with the extension of DGHV homomorphism, which prove the result of verification does not leak any information about the inputs or the output during the encryption and decryption. The performance results are obtained from the executions on a machine equipped with a GeForce GTX 765M GPU. We use three basic parallel algorithms to form efficient solutions which accelerate the speed of encryption and evaluation. Although fully homomorphic encryption is still not practical for real world applications in current stage, this work shows the possibility to improve the performance of homomorphic encryption and achieve this target one step closer.
Keywords: cryptography; graphics processing units; matrix multiplication; parallel algorithms; DGHV homomorphism; GPU acceleration; GPU programming; GeForce GTX 765M GPU; decryption; homomorphic cryptography; matrix multiplication; parallel algorithms; Acceleration; Educational institutions; Encryption; Graphics processing units; Public key; Cloud; Cryptography; GPU; Homomorphic encryption; Matrix multiplication; Privacy; Security (ID#: 15-6000)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7013115&isnumber=7013076

 

Lakhera, M., “Enhancing Security of Stored Biometric Data,” Computational Intelligence on Power, Energy and Controls with their impact on Humanity (CIPECH), 2014 Innovative Applications of , vol., no., vol., no., pp. 515, 518, 28-29 Nov. 2014. doi:10.1109/CIPECH.2014.7019043
Abstract: A biometric system is weak to a different type of attacks targeted at undermining the reliability of the verification process. These attacks are either imposter or irrevocability. Imposter means information stored in database, can be abused to construction of artificial biometric and replace it for fake authentication and irrevocability means once compromised, biometric not be updated, reissued or destroyed. In this paper we present a general architecture with the help of Digital Signature that guarantees privacy protection of biometric data. We specifically focus on secure a biometric data at the time of authentication and storage.
Keywords: biometrics (access control); data privacy; security of data; artificial biometric; biometric data security; digital signature; privacy protection; verification process reliability; Bioinformatics; Biometrics (access control); Data mining; Databases; Feature extraction; Receivers; Security; Encryption; Password; Private Key; Public Key; Verification (ID#: 15-6001)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019043&isnumber=7018206

 

Bissessar, D.; Adams, C.; Dong Liu, “Using Biometric Key Commitments to Prevent Unauthorized Lending of Cryptographic Credentials,” Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on, vol., no., pp. 75, 83, 23-24 July 2014. doi:10.1109/PST.2014.6890926
Abstract: We present a technique that uses privacy enhancing technologies and biometrics to prevent the unauthorized lending of credentials. Current credential schemes suffer the weakness that issued credentials can be transferred between users. Our technique ensures the biometric identity of the individual executing the Issue and Show protocols of an existing credential system in a manner analogous to the enrollment and verification steps in traditional biometric systems. During Issue we create Pedersen commitments on biometrically derived keys obtained from fuzzy extractors. This issue-time commitment is sealed into the issued credential. During Show a verification-time commitment is generated. Correspondence of keys is verified using a zero-knowledge proof of knowledge. The proposed approach preserves the security of the underlying credential system, protects the privacy of the biometric, and generalizes to multiple biometric modalities. We illustrate the usage of our technique by showing how it can be incorporated into digital credentials and anonymous credentials.
Keywords: cryptography; data privacy; Pedersen commitments; anonymous credentials; biometric identity; biometric key commitments; biometric modalities; credential schemes; credential system; cryptographic credentials; digital credentials; fuzzy extractors; issue protocol; issue-time commitment;  show protocol; Data mining; Encryption; Measurement; Privacy; Protocols; biometrics; non-transferability; privacy enhancing technologies (ID#: 15-6002)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6890926&isnumber=6890911

 

Uluagac, A.S.; Wenyi Liu; Beyah, R., “A Multi-Factor Re-Authentication Framework with User Privacy,” Communications and Network Security (CNS), 2014 IEEE Conference on, vol., no., pp. 504, 505, 29-31 Oct. 2014. doi:10.1109/CNS.2014.6997526
Abstract: Continuous re-authentication of users is a must to protect connections with long duration against any malicious activity. Users can be re-authenticated in numerous ways. One popular way is an approach that requires the presentation of two or more authentication factors (i.e., knowledge, possession, identity) called Multi-factor authentication (MFA). Given the market dominance of ubiquitous computing systems (e.g., cloud), MFA systems have become vital in re-authenticating users. Knowledge factor (i.e., passwords) is the most ubiquitous authentication factor; however, forcing a user to re-enter the primary factor, a password, at frequent intervals could significantly lower the usability of the system. Unfortunately, an MFA system with a possession factor (e.g., Security tokens) usually depends on the distribution of some specific device, which is cumbersome and not user-friendly. Similarly, MFA systems with an identity factor (e.g., physiological biometrics, keystroke pattern) suffer from a relatively low deployability and are highly intrusive and expose users sensitive information to untrusted servers. These servers can keep physically identifying elements of users, long after the user ends the relationship with the server. To address these concerns, in this poster, we introduce our initial design of a privacy-preserving multi-factor re-authentication framework. The first factor is a password while the second factor is a hybrid profile of user behavior with a large combination of host- and network-based features. Our initial results are very promising as our framework can successfully validate legitimate users while detecting impostors.
Keywords: authorisation; cryptography; data privacy; MFA system; authentication factor; knowledge factor; possession factor; privacy-preserving multifactor re-authentication framework; ubiquitous computing system; user privacy; Authentication; Cloud computing; Educational institutions; Encryption; Privacy; Servers; Usability; Fully Homomorphic Encryption; Fuzzy Hashing; Privacy-Preserving Reauthentication; Re-authentication in Cloud (ID#: 15-6003)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6997526&isnumber=6997445

 

Al-Jaberi, M.F.; Zainal, A., “Data Integrity and Privacy Model in Cloud Computing,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 280, 284, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013135
Abstract: Cloud computing is the future of computing industry and it is believed to be the next generation of computing technology. Among the major concern in cloud computing is data integrity and privacy. Clients require their data to be safe and private from any tampering or unauthorized access. Various algorithms and protocols (MD5, AES, and RSA-based PHE) are implemented by the various components of this model to provide the maximum levels of integrity management and privacy preservation for data stored in public cloud such as Amazon S3. The impact of algorithms and protocols, used to ensure data integrity and privacy, is studied to test the performance of the proposed model. The prototype system showed that data integrity and privacy are ensured against unauthorized parties. This model reduces the burden of checking the integrity of data stored in cloud storage by utilizing a third party, integrity checking service, and applies security mechanism that ensure privacy and confidentiality of data stored in cloud computing. This paper proposes an architecture based model that provides data integrity verification and privacy preserving in cloud computing.
Keywords: authorisation; cloud computing; data integrity; data privacy; unauthorized access; Cloud computing; Computational modeling; Data models; Data privacy; Encryption; Amazon S3 (ID#: 15-6004)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7013135&isnumber=7013076 
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

 

Compositional Security, 2014

 

	Compositional Security 2014

The Hard Problem of composability and scalability remains a focus of the four Science of Security Lablets. However, aside from them, there was relatively little research reported in 2014 in this area.

---

Rafnsson, W.; Sabelfeld, A., “Compositional Information-Flow Security for Interactive Systems,” Computer Security Foundations Symposium (CSF), 2014 IEEE 27th, vol., no., pp. 277, 292, 19-22 July 2014. doi:10.1109/CSF.2014.27
Abstract: To achieve end-to-end security in a system built from parts, it is important to ensure that the composition of secure components is itself secure. This work investigates the compositionality of two popular conditions of possibilistic noninterference. The first condition, progress-insensitive noninterference (PINI), is the security condition enforced by practical tools like JSFlow, Paragon, sequential LIO, Jif, Flow Caml, and SPARK Examiner. We show that this condition is not preserved under fair parallel composition: composing a PINI system fairly with another PINI system can yield an insecure system. We explore constraints that allow recovering compositionality for PINI. Further, we develop a theory of compositional reasoning. In contrast to PINI, we show what PSNI behaves well under composition, with and without fairness assumptions. Our work is performed within a general framework for nondeterministic interactive systems.
Keywords: interactive systems; security of data; Flow Caml; JSFlow; Jif; PINI system; Paragon; SPARK Examiner; compositional information-flow security; compositional reasoning; end-to-end security; nondeterministic interactive systems; parallel composition; possibilistic noninterference; progress-insensitive noninterference; sequential LIO; Cognition; Computational modeling; Interactive systems; Security; Semantics; Sensitivity; Synchronization (ID#: 15-6038)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6957117&isnumber=6957090

 

Cong Sun; Ning Xi; Jinku Li; Qingsong Yao; Jianfeng Ma, “Verifying Secure Interface Composition for Component-Based System Designs,” Software Engineering Conference (APSEC), 2014 21st Asia-Pacific , vol.1, no., pp. 359, 366, 1-4 Dec. 2014. doi:10.1109/APSEC.2014.60
Abstract: Information flow security has been considered as a critical requirement on software systems, especially when heterogeneous components from different parties cooperate to achieve end-to-end enforcement on data confidentiality. Enforcing the information flow security properties on complicated systems faces a great challenge because the properties cannot be preserved under composition and most of the current approaches are not scalable enough. To address this problem, there have been several recent efforts on the compositional information flow analyses developed for different abstraction levels. But these approaches have rarely been considered to incorporate with the process of system design. Integrating the security enforcement with the model-based development process can provide the designer with ability to verify information flow security in the early stage of system development. We propose a compositional information flow verification which is integrated with model-based system design in Sys ML by an automated model translation from semi-formal behavior and structure models to interface automata. Our compositional approach is general to support the complex security lattices and a variety of in distinguish ability relations. The evaluation results show the usability of our approach on practical system designs and the scalability of the compositional verification.
Keywords: automata theory; object-oriented programming; security of data; software architecture; SysML; abstraction levels; automated model translation; complex security lattices; component-based system designs; compositional information flow analyses; data confidentiality; heterogeneous components; information flow security; interface automata; model-based development process; model-based system design; secure interface composition verification; security enforcement; semiformal behavior; software systems; structure models; Artificial intelligence; Automata; Component architectures; Lattices; Modeling; Security; Unified modeling language; component-based design; information flow; interface automata; model translation; model-based development; noninterference; systems modeling language (ID#: 15-6039)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7091331&isnumber=7091273

 

Alzubaidi, W.Kh.; Longzheng Cai; Alyawer, S.A., “Enhance the Performance of ICMP Protocol by Reduction the IP over Ethernet Naming Architecture,” Computer and Information Sciences (ICCOINS), 2014 International Conference on, vol., no.,
pp. 1, 6, 3-5 June 2014. doi:10.1109/ICCOINS.2014.6868392
Abstract: This study addresses the Internet Control Message Protocol (ICMP) performance problems arising in Internet protocol (IP) over Ethernet networks. These problems arise because of the compatibility issue between two different compositional protocols: the IP and Ethernet protocol. The motivation behind addressing the compatibility problem is to improve the security and performance of networks by studying the link compatibility between the Ethernet and IP protocols. The findings of this study have given rise to proposals for modifications. A reduction in the current naming architecture design is advocated to improve the performance and security of IP over Ethernet networks. The use of the IP address, as one flat address for the naming architecture, is proposed instead of using both the IP and Media Access Control (MAC) addresses. The proposed architecture is evaluated through a simulated cancellation of the use of the Address Resolution Protocol (ARP) protocol.
Keywords: IP networks; computer network performance evaluation; computer network security; local area networks; transport protocols; ARP protocol; Ethernet naming architecture; Ethernet protocol; ICMP performance problems; ICMP protocol performance; IP address; IP over Ethernet networks; IP protocols; Internet control message protocol; address resolution protocol; compatibility problem; compositional protocols; flat address; link compatibility; naming architecture design; network performance; security; Computer architecture; Computers; Ethernet networks; IP networks; Protocols; Security; Unicast; Ethernet Networks; ICMP; IP; MAC; Naming Architecture; Performance (ID#: 15-6040)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868392&isnumber=6868339

 

Modersheim, S.; Katsoris, G., “A Sound Abstraction of the Parsing Problem,” Computer Security Foundations Symposium (CSF), 2014 IEEE 27th, vol., no., pp. 259, 273, 19-22 July 2014. doi:10.1109/CSF.2014.26
Abstract: In formal verification, cryptographic messages are often represented by algebraic terms. This abstracts not only from the intricate details of the real cryptography, but also from the details of the non-cryptographic aspects: the actual formatting and structuring of messages. We introduce a new algebraic model to include these details and define a small, simple language to precisely describe message formats. We support fixed-length fields, variable-length fields with offsets, tags, and encodings into smaller alphabets like Base64, thereby covering both classical formats as in TLS and modern XML-based formats. We define two reasonable properties for a set of formats used in a protocol suite. First, each format should be un-ambiguous: any string can be parsed in at most one way. Second, the formats should be pair wise disjoint: a string can be parsed as at most one of the formats. We show how to easily establish these properties for many practical formats. By replacing the formats with free function symbols we obtain an abstract model that is compatible with all existing verification tools. We prove that the abstraction is sound for un-ambiguous, disjoint formats: there is an attack in the concrete message model if there is one in the abstract message model. Finally we present highlights of a practical case study on TLS.
Keywords: XML; cryptography; formal verification; grammars; program compilers; Base64; TLS; XML-based formats; abstract model; algebraic model; algebraic terms; concrete message model; cryptographic messages; fixed-length fields; formal verification; message formats; noncryptographic aspects; parsing problem; sound abstraction; variable-length fields; Abstracts; Algebra; Encoding; Encryption; Law; Protocols; Security protocols; compositional reasoning; formal verification; message formats; soundness (ID#: 15-6041)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6957116&isnumber=6957090

 

Tzimiropoulos, G.; Alabort-i-Medina, J.; Zafeiriou, S.P.; Pantic, M., “Active Orientation Models for Face Alignment In-the-Wild,” Information Forensics and Security, IEEE Transactions on, vol. 9, no. 12, pp. 2024, 2034, Dec. 2014. doi:10.1109/TIFS.2014.2361018
Abstract: We present Active Orientation Models (AOMs), generative models of facial shape and appearance, which extend the well-known paradigm of Active Appearance Models (AAMs) for the case of generic face alignment under unconstrained conditions. Robustness stems from the fact that the proposed AOMs employ a statistically robust appearance model based on the principal components of image gradient orientations. We show that when incorporated within standard optimization frameworks for AAM learning and fitting, this kernel Principal Component Analysis results in robust algorithms for model fitting. At the same time, the resulting optimization problems maintain the same computational cost. As a result, the main similarity of AOMs with AAMs is the computational complexity. In particular, the project-out version of AOMs is as computationally efficient as the standard project-out inverse compositional algorithm, which is admittedly one of the fastest algorithms for fitting AAMs. We verify experimentally that: 1) AOMs generalize well to unseen variations and 2) outperform all other state-of-the-art AAM methods considered by a large margin. This performance improvement brings AOMs at least in par with other contemporary methods for face alignment. Finally, we provide MATLAB code at http://ibug.doc.ic.ac.uk/resources.
Keywords: computational complexity; face recognition; optimisation; principal component analysis; AAM learning; AAMs; AOMs; MATLAB code; active appearance models; active orientation models; computational complexity; computational cost; face alignment in-the-wild; facial shape; generative models; generic face alignment; image gradient orientations; kernel principal component analysis; model fitting; optimization frameworks; project-out inverse compositional algorithm; unconstrained conditions; Active appearance model; Deformable models; Face; Principal component analysis; Robustness; Shape; Active Appearance Models; Active Orientation Models; Active orientation models; Face alignment; active appearance models; face alignment (ID#: 15-6042)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6914605&isnumber=6953163

 

Litian Xiao; Mengyuan Li; Ming Gu; Jiaguang Sun, “A Hierarchy Framework on Compositional Verification for PLC Software,” Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on, vol., no., pp. 204, 207, 27-29 June 2014. doi:10.1109/ICSESS.2014.6933545
Abstract: The correctness verification of embedded control software has become an important research topic in embedded system field. The paper analyses the present situation on correctness verification of control software as well as the limitations of existing technologies. In order to the high reliability and high security requirements of control software, the paper proposes a hierarchical framework and architecture of control software (PLC program) verification. The framework combines the technologies of testing, model checking and theorem proving. The paper introduces the construction, flow and key elements of the architecture.
Keywords: control engineering computing; embedded systems; program verification; programmable controllers; theorem proving; PLC program verification; PLC software; compositional verification; control software verification; correctness verification ;embedded control software; embedded system field; hierarchical framework; model checking; security requirements; theorem proving; Computer architecture; Computer bugs; Mathematical model; Model checking; Semantics; Software; PLCsoftware; compositional verification; hierarchy framework; verification architecture (ID#: 15-6043)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6933545&isnumber=6933501

 

Herber, P., “The RESCUE Approach —Towards Compositional Hardware/Software Co-verification,” High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS), 2014 IEEE Intl Conf on, vol., no., pp. 721, 724, 20-22 Aug. 2014. doi:10.1109/HPCC.2014.109
Abstract: In the last decades, there has been a lot of work on formal verification techniques for embedded hardware/software systems. The main barriere for the application of these techniques in industrial application is the state-space explosion problem, i.e., The lacking scalability of formal verification. To tackle this problem, we propose a modular verification framework that supports the whole design flow of embedded HW/SW system combining a variety of verification techniques, ranging from formal hardware verification over software verification to system verification. We target the system level design language SystemC, which has become the de facto standard in HW/SW co-design, but severely lacks support for automated and comprehensive verification. To achieve a modular and automatable verification flow, we start with a definition of an intermediate representation for SystemC (SysCIR). Then, we process the SysCIR by a set of modular engines. First, we aim at developing innovative slicing and abstraction engines, which significantly reduce the semantic state space. Second, we aim at providing a set of transformation engines that target a variety of verification tools. In particular, we combine hardware, software and system verification techniques in order to cope with the different models of computation inherently intertwined in embedded HW/SW systems.
Keywords: C language; embedded systems; formal verification; hardware-software codesign; state-space methods; HW/SW codesign; RESCUE approach; SysCIR; SystemC; abstraction engine; automatable verification flow; automated verification; comprehensive verification; de facto standard; design flow; embedded HW/SW system; embedded hardware/software system; formal hardware verification; formal verification technique; hardware/software co-verification; industrial application; innovative slicing; intermediate representation; lacking scalability; modular engine; modular verification framework; software verification; state-space explosion problem; system level design language; system verification technique; transformation engine; verification tool; Computational modeling; Embedded systems; Engines; Hardware; Model checking; Semantics; Formal Verification; Hardware/Software Co-Design (ID#: 15-6044)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7056823&isnumber=7056577
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Consumer Privacy in the Smart Grid, 2014

 

	Consumer Privacy in the Smart Grid 2014

Concerns about consumer privacy and electric power usage have impacted utilities' fielding of smart-meters. Securing power meter readings in a way that addresses while protecting consumer privacy is a concern of research designed to help alleviate those concerns. The research presented here was published in 2014.

---

Kumar, V.; Hussain, M., “Secure Communication for Advance Metering Infrastructure in Smart Grid,” India Conference (INDICON), 2014 Annual IEEE, vol., no., pp. 1, 6, 11-13 Dec. 2014.  doi:10.1109/INDICON.2014.7030600
Abstract: The electrical power industry is in the process of integration with bidirectional information and power flow infrastructure commonly called smart grid. Advance metering infrastructure (AMI) is an important component of the smart grid in which data and signal is transferred from consumer smart meter to smart grid and vice versa. Cyber security is to be considered before implementing AMI applications. For delivering Smart meter data and manage message securely, there is a need of a unique security mechanism to ensure the integration of availability and privacy. In such security mechanisms, the cryptographic overhead, including certificates and signatures, is quite significant for an embedded device like a smart meter in smart grid AMI compared to normal personal computers in a regular enterprise network. Additionally, cryptographic operations contribute significant computational cost, when recipient end verifies the message in each communication. We proposed a light and flexible protocol for secure communication between smart meters and smart grid infrastructure. The proposed protocol authenticate both control center and smart meter and also securely exchange secret key (session key) between two entities for secure communication between them. Proposed protocol help to mitigate several types of attacks on smart grid by identifying the origin of attacks against AMI. The proposed protocol is tested for security and no attack was found. Its performance is also found to be better than existing mechanism.
Keywords: cryptographic protocols; data communication; electricity supply industry; load flow; power engineering computing; private key cryptography; smart meters; smart power grids; advance metering infrastructure; attack mitigation; bidirectional information infrastructure; consumer smart meter; cryptographic overhead; cyber security; data management; electrical power industry; flexible protocol; message management; power flow infrastructure; secret key exchange; secure communication; smart grid AMI; unique security mechanism; Authentication; Protocols; Public key; Smart grids; Smart meters; AMI; smart grid; smart meter (ID#: 15-6359)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7030600&isnumber=7030354

 

Lei Yang; Hao Xue; Fengjun Li, “Privacy-Preserving Data Sharing in Smart Grid Systems,” Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, vol., no., pp. 878, 883, 3-6 Nov. 2014. doi:10.1109/SmartGridComm.2014.7007759
Abstract: The smart grid systems aim to integrate conventional power grids with modern information communication technology. While intensive research efforts have been focused on ensuring data correctness in AMI data collection and protecting data confidentiality in smart grid communications, less effort has been devoted to privacy protection in smart grid data management and sharing. In smart grid data management, the Advanced Metering Infrastructure (AMI) collects high-frequency energy consumption data, which often contains rich inhabitant and lifestyle information about the end consumers. The data is often shared with various stakeholders, such as the generators, distributors and marketers. However, the utility may not have consent of the users to share potentially sensitive data. In this paper, we develop comprehensive mechanisms to enable privacy-preserving smart data management. First, we analyze the privacy threats and consumer identifiability issues associated with high-frequency AMI data. We then present the first solution based on data sanitization, which eliminates sensitive/identifiable information before sharing usage data with external peers. Meanwhile, we present solutions based on secure multi-party computing to enable external peers to perform aggregate/statistical operations on original metering data in a privacy-preserving manner. Experiments on real-world consumption data demonstrate the validity and effectiveness of the proposed solutions.
Keywords: power engineering computing; power system measurement; smart power grids; AMI data collection; advanced metering infrastructure; consumer identifiability; data confidentiality; data sanitization; energy consumption data; information communication technology; power grids; privacy-preserving data sharing; smart grid communications; smart grid data management; smart grid systems; Aggregates; Data privacy; Energy consumption; Privacy; Servers; Smart grids; Smart meters (ID#: 15-6360)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7007759&isnumber=7007609

 

Sook-Chin Yip; KokSheik Wong; Phan, R.C.-W.; Su-Wei Tan; Ku, I.; Wooi-Ping Hew, “A Privacy-Preserving and Cheat-Resilient Electricity Consumption Reporting Scheme for Smart Grids,” Computer, Information and Telecommunication Systems (CITS), 2014 International Conference on, vol., no., pp. 1, 5, 7-9 July 2014. doi:10.1109/CITS.2014.6878971
Abstract: One of the significant benefits of smart grid as compared to conventional power grid is the capability to collect fine-grained data from each smart meter remotely, thereby enabling utility provider to balance load effectively and offer time-adaptive pricing schemes. Nevertheless, the ability to read fine-granular measurements constitutes a serious privacy threat to the consumers. Therefore, it is crucial to consider the privacy issues in smart grid in order to preserve consumers' privacy and protect data integrity. In this paper, we propose a Privacy-Preserving and Cheat-Resilient (PPCR) electricity consumption reporting scheme for smart grid communication. PPCR adopts incremental hash function to conceal consumers' energy usage data from unauthorized parties, as well as the utility companies. The proposed scheme enables utility provider to perform data integrity check without disrupting smart grid services such as load management and billing. Security analysis is conducted to demonstrate that PPCR withstands malicious operations, preserves consumers' privacy and is robust to adversaries' cheating and smart meters malfunction.
Keywords: cryptography; data integrity; data protection; power consumption; power engineering computing; power system measurement; power system security; pricing; resource allocation; smart power grids; PPCR scheme; consumer energy usage data; consumer privacy preservation; data integrity check; data integrity protection; fine-grained data collection; fine-granular measurements; incremental hash function; load balancing; privacy-preserving and cheat-resilient electricity consumption reporting scheme; security analysis; smart grid communication; smart meter malfunction; smart power grids; time-adaptive pricing schemes; utility provider; Companies; Cryptography; Electricity; Privacy; Smart grids; Smart meters; cheat-resilient; integrity; privacy; smart grid (ID#: 15-6361)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6878971&isnumber=6878950

 

Alharbi, K.; Xiaodong Lin; Jun Shao, “A Framework for Privacy-Preserving Data Sharing in the Smart Grid,” Communications in China (ICCC), 2014 IEEE/CIC International Conference on, vol., no., pp. 214, 219, 13-15 Oct. 2014. doi:10.1109/ICCChina.2014.7008274
Abstract: Distributed energy resources, featured with small-scale power generation technologies and renewable energy sources, have been considered as a necessary supplement for the smart grid. In order to make the merged power grid to be still smart, the data generated at the consumer side should be shared among the energy resources. However, this approach brings difficulties on how to protect consumers' privacy. To deal with the problem, in this paper, we propose a new framework for data sharing in the smart grid by using a combination of homomorphic encryption and proxy re-encryption techniques. The proposed framework allows the energy resources to be able to analyze the consumers' data while keeping the consumers' privacy. Another good property of our proposed framework is that the consumers' data is transmitted over the smart grid only once. To the best of our knowledge, our framework is first attempt to consider an important problem concerning data sharing in the smart grid.
Keywords: cryptography; data privacy; electric power generation; power system analysis computing; power system security; renewable energy sources; smart power grids; distributed energy resources; homomorphic encryption technique; power grid; privacy-preserving data sharing; proxy reencryption technique; renewable energy sources; small-scale power generation technologies; smart grid; Electricity; Encryption; Energy resources; Public key; Servers; Smart grids (ID#: 15-6362)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7008274&isnumber=7008220

 

Inshil Doh; Jiyoung Lim; Kijoon Chae, “Service Security for Smart Grid System,” Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2014 Eighth International Conference on, vol., no., pp. 427, 432, 2-4 July 2014. doi:10.1109/IMIS.2014.61
Abstract: One of major application service areas in M2M (Machine-to-Machine) is the smart grid system. In smart grid systems, information and communications technology are used to gather and act on information that is related to the behaviors of consumers and suppliers. The technology is to improve the efficiency, reliability, and economics of the production and distribution of electricity. To make the system more reliable, security is a very important issue. In this paper, we propose secure system architecture and a mechanism to provide security for smart grid system robustness and reliability.
Keywords: mobile communication; power distribution economics; power distribution reliability; power system security; smart power grids; M2M; electricity distribution economics; electricity distribution efficiency; electricity distribution reliability; electricity production economics; electricity production efficiency; electricity production reliability; information-communication technology; machine-to-machine; service security; smart grid system reliability; smart grid system robustness; Encryption; Privacy; Servers; Smart grids; Smart meters; M2M; privacy; security; smart grid; system architecture (ID#: 15-6363)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6975501&isnumber=6975399

 

Beussink, A.; Akkaya, K.; Senturk, I.F.; Mahmoud, M.M.E.A., “Preserving Consumer Privacy on IEEE 802.11s-Based Smart Grid AMI Networks Using Data Obfuscation,” Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on, vol., no., pp. 658, 663, April 27 2014–May 2 2014. doi:10.1109/INFCOMW.2014.6849309
Abstract: While the newly envisioned Smart(er) Grid (SG) will result in a more efficient and reliable power grid, its use of fine-grained meter data has widely raised concerns of consumer privacy. In this paper, we propose to implement a data obfuscation approach to preserve consumer privacy and assess its feasibility on large-scale Advanced Metering Infrastructure (AMI) network built upon the new IEEE 802.11s wireless mesh standard. We first propose a secure obfuscation value distribution approach on this 802.11s-based wireless mesh network. Using obfuscation values provided via this approach, the meter readings are obfuscated to protect consumer privacy from eavesdroppers and the utility companies while preserving the utility companies' ability to use the data for state estimation. We assessed the impact of using this privacy approach on the data throughput and delay. Simulation results have shown that the impact of our approach on the network performance is acceptable.
Keywords: power system measurement; power system reliability; power system security; power system state estimation; smart power grids; wireless mesh networks; IEEE 802.11s wireless mesh standard; IEEE 802.11s-based smart grid AMI network; SG; advanced metering infrastructure; consumer privacy preservation; fine-grained meter data; power grid reliability; secure data obfuscation value distribution approach; state estimation; Companies; Data privacy; Logic gates; Privacy; Security; State estimation; Vectors (ID#: 15-6364)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6849309&isnumber=6849127

 

Paverd, A.; Martin, A.; Brown, I., “Privacy-Enhanced Bi-Directional Communication in the Smart Grid Using Trusted Computing,” Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, vol., no., pp. 872, 877, 3-6 Nov. 2014. doi:10.1109/SmartGridComm.2014.7007758
Abstract: Although privacy concerns in smart metering have been widely studied, relatively little attention has been given to privacy in bi-directional communication between consumers and service providers. Full bi-directional communication is necessary for incentive-based demand response (DR) protocols, such as demand bidding, in which consumers bid to reduce their energy consumption. However, this can reveal private information about consumers. Existing proposals for privacy-enhancing protocols do not support bi-directional communication. To address this challenge, we present a privacy-enhancing communication architecture that incorporates all three major information flows (network monitoring, billing and bi-directional DR) using a combination of spatial and temporal aggregation and differential privacy. The key element of our architecture is the Trustworthy Remote Entity (TRE), a node that is singularly trusted by mutually distrusting entities. The TRE differs from a trusted third party in that it uses Trusted Computing approaches and techniques to provide a technical foundation for its trustworthiness. A automated formal analysis of our communication architecture shows that it achieves its security and privacy objectives with respect to a previously-defined adversary model. This is therefore the first application of privacy-enhancing techniques to bi-directional smart grid communication between mutually distrusting agents.
Keywords: data privacy; energy consumption; incentive schemes; invoicing; power engineering computing; power system measurement; protocols; smart meters; smart power grids; trusted computing; TRE; automated formal analysis; bidirectional DR information flow; billing information flow; differential privacy; energy consumption reduction; incentive-based demand response protocol; network monitoring information flow; privacy-enhanced bidirectional smart grid communication architecture; privacy-enhancing protocol; smart metering; spatial aggregation; temporal aggregation; trustworthy remote entity; Bidirectional control; Computer architecture; Monitoring; Privacy; Protocols; Security; Smart grids (ID#: 15-6365)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7007758&isnumber=7007609

 

Ying Bi; Jamalipour, Abbas, “A Voluntary-Based Real-Time Incentive Scheme for Smart Grid Demand Management,” Telecommunications (ICT), 2014 21st International Conference on, vol., no., pp. 447, 451, 4-7 May 2014. doi:10.1109/ICT.2014.6845156
Abstract: In power system, consumers' power demands are highly desirable information by grid operators for asset management and grid operation. However, users may hesitate to report such private information due to the potential privacy leakage risk and other extra cost. A compulsory-based scheme which forces consumers to reveal private data, or a punishment scheme in which consumers get penalty for unwillingness to disclose might not be desired. Given the importance of demand information, in this paper, we acknowledge consumers' ownership rights on their private data and propose a novel voluntary-based real-time incentive scheme (RTIS) to promote demand management in the smart grid. In RTIS, Load Serving Entity (LSE) plays the role of power retailer. LSE rewards cooperating consumers with a discounted electricity retail price to compensate the consumers' extra cost associated with participation. By carefully selecting a discount rate, RTIS ensures that LSE can collect sufficient demand response for load anticipation without detriment to its market revenue. Simulation results confirm that our proposed scheme can achieve satisfactory social welfare even compared with compulsory demand upload schemes.
Keywords: asset management; demand side management; electricity supply industry; incentive schemes; power system economics; power system security; smart power grids; LSE; RTIS; asset management; compulsory-based scheme; demand response; discount rate selection; discounted electricity retail price; grid operation; load anticipation; load serving entity; ownership rights; potential privacy leakage risk; power demand; power industry; power system; punishment scheme; smart grid demand management; social welfare; voluntary-based real-time incentive scheme; Aggregates; Electricity; Electricity supply industry; Load modeling; Power demand; Real-time systems; Smart grids (ID#: 15-6366)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6845156&isnumber=6845063

 

Mohassel, R.R.; Fung, A.S.; Mohammadi, F.; Raahemifar, K., “A Survey on Advanced Metering Infrastructure and Its Application in Smart Grids,” Electrical and Computer Engineering (CCECE), 2014 IEEE 27th Canadian Conference on, vol., no., pp. 1, 8, 4-7 May 2014. doi:10.1109/CCECE.2014.6901102
Abstract: This survey paper is an excerpt of a more comprehensive study on Smart Grid (SG) and the role of Advanced Metering Infrastructure (AMI) in SG. The survey was carried out as part of a feasibility study for the creation of a Net-Zero community in a city in Ontario, Canada. SG is not a single technology; rather it is a combination of different areas of engineering, communication and management. This paper intends to focus on AMI, which is responsible for collecting all the data and information from loads and consumers, as the foundation for SG. AMI is also responsible for implementing control signals and commands to perform necessary control actions, including Demand Side Management (DSM). In this paper we introduce SG and its features, establish the relation between SG and AMI, explain three main subsystems of AMI and discuss related security issues.
Keywords: smart meters; smart power grids; AMI; Canada; Ontario; SG; advanced metering infrastructure; net-zero community; smart grids; Privacy; Reliability; Security; Smart grids; Smart meters; Wireless communication; Zigbee; Advanced metering; Smart Grid; smart metering (ID#: 15-6367)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6901102&isnumber=6900900

 

Ratliff, L.J.; Dong, R.; Ohlsson, H.; Cardenas, A.A.; Sastry, S.S., “Privacy and Customer Segmentation in the Smart Grid,” Decision and Control (CDC), 2014 IEEE 53rd Annual Conference on, vol., no., pp. 2136, 2141, 15-17 Dec. 2014. doi:10.1109/CDC.2014.7039714
Abstract: In the electricity grid, networked sensors which record and transmit increasingly high-granularity data are being deployed. In such a setting, privacy concerns are a natural consideration. In order to obtain the consumer's valuation of privacy, we design a screening mechanism consisting of a menu of contracts offered to the energy consumer with varying guarantees of privacy. The screening process is a means to segment customers. Finally, we design insurance contracts using the probability of a privacy breach to be offered by third-party insurance companies.
Keywords: consumer protection; contracts; data privacy; insurance; smart power grids; customer segmentation; electricity grid; energy consumer; insurance contracts; privacy breach probability; privacy guarantees; screening mechanism; smart grid; third-party insurance companies; Companies; Contracts; Data privacy; Insurance; Measurement; Privacy; Smart grids (ID#: 15-6368)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7039714&isnumber=7039338

 

Kishimoto, H.; Okamura, S., “Secure Consolidation of Charging Information over Smart Grid Using ID Federation,” Information Theory and its Applications (ISITA), 2014 International Symposium on, vol., no., pp. 226, 230, 26-29 Oct. 2014. doi:  (not provided)
Abstract: In the current power system, a bill for electricity used through an outlet is not charged to a consumer but to the manager of the outlet. This research presents schemes in which the bill for electricity is charged to the consumer. Even if a consumer uses outlets at outside the home, all bills for the power consumption at home and the outside are consolidated in an electric utility the consumer contracts with. In this paper, we define security requirements and evaluate that the proposed schemes satisfy the requirements. We suppose the privacy for consumer and the accuracy of billing as the security requirements and use an identity federation and digital signatures to satisfy the requirements. We propose a basic scheme first, and improve the efficiency of the scheme. We prove that the number of verifications and computational complexity are reduced in the improved scheme.
Keywords: computational complexity; data privacy; invoicing; power engineering computing; security of data; smart power grids; ID federation; charging information secure consolidation; computational complexity; consumer contract; current power system; electric utility; electricity bill; power consumption; security requirements; smart grid; Electricity; Manganese; Power demand; Power industry; Public key;  Smart grids (ID#: 15-6369)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6979837&isnumber=6979787

 

Depeng Li; Aung, Z.; Williams, J.; Sanchez, A., “P2DR: Privacy-Preserving Demand Response System in Smart Grids,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol., no., pp. 41, 47, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785302
Abstract: Demand response programs are widely used to balance the supply and the demand in smart grids. They result in a reliable electric power system. Unfortunately, the privacy violation is a pressing challenge and increasingly affects the demand response programs because of the fact that power usage and operational data can be misused to infer personal information of customers. Without a consistent privacy preservation mechanism, adversaries can capture, model and divulge customers' behavior and activities at almost every level of society. This paper investigates a set of new privacy threat models focusing on financial rationality verse inconvenience. Furthermore, we design and implement a privacy protection protocol based on attributed-based encryptions. To demonstrate its feasibility, the protocol is adopted in several kinds of demand response programs. Real-world experiments show that our scheme merely incurs a substantially light overhead, but can address the formidable privacy challenges that customers are facing in demand response systems.
Keywords: cryptographic protocols; data privacy; power system reliability; smart power grids; P2DR; attributed-based encryptions; customer personal information; financial rationality verse inconvenience; operational data; power usage; privacy protection protocol; privacy threat; privacy-preserving demand response system; reliable electric power system; smart grids; substantially light overhead; supply demand balance; Control systems; Data privacy; Encryption; Load management; Protocols; Consumer privacy; Demand Response; Privacy Preservation; Smart Grids (ID#: 15-6370)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6785302&isnumber=6785290

 

Brettschneider, Daniel; Toenjes, Ralf; Roer, Peter; Hoelker, Daniel, “Distributed Algorithm for Energy Management in Smart Grids,” WTC 2014; World Telecommunications Congress 2014; Proceedings of, vol., no., pp. 1, 6, 1-3 June 2014. doi:(not provided)
Abstract: The German energy turnaround results in a trend towards an increasing amount of renewable energy sources. Together with technological innovations of novel producers, consumers and storages, power grids are facing great challenges, e.g. compensation of supply fluctuations or efficient control of consumers. Smart grids promise to overcome these drawbacks. In this paper we present an algorithm for energy management in smart grids on a street level, e.g. participating consumers are connected to one local power transformer, based on well-known scheduling algorithms. The algorithm controls the shiftable and adaptable demand of smart homes that are connected via a distributed middleware. The results show that the algorithm can reduce or even eliminate the stated problems and offers privacy and robustness.
Keywords:  (not provided) (ID#: 15-6371)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6840002&isnumber=6839998

 

Hansen, J.; Knudsen, J.; Annaswamy, A.M., “Demand Response in Smart Grids: Participants, Challenges, and a Taxonomy,” Decision and Control (CDC), 2014 IEEE 53rd Annual Conference on, vol., no., pp. 4045, 4052, 15-17 Dec. 2014. doi:10.1109/CDC.2014.7040018
Abstract: In recent decades, moves toward higher integration of Renewable Energy Resources have called for fundamental changes in both the planning and operation of the overall power grid. One such change is the incorporation of Demand Response (DR), the process by which consumers can adjust their demand in a flexible manner. This paper presents a survey of various aspects of DR including the different types of participants, as well as the underlying challenges and the overall potential of DR when it comes to large-scale implementations. Benefits of DR as reported in the literature for performance metrics such as frequency control and price control, as well as methods for ensuring privacy are discussed. A quantitative taxonomy of DR recently proposed in the literature based on the inherent magnitude, run-time, and integral constraints is discussed and its integration with economic dispatch is explored.
Keywords: demand side management; smart power grids; DR; demand response; economic dispatch; frequency control; performance metrics; price control; smart grids; Batteries; Buildings; Electric potential; Electricity; Frequency control; Power grids; Reliability (ID#: 15-6372)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7040018&isnumber=7039338

 

Junggab Son; Donghyun Kim; Sejin Lee; Heekuck Oh; Tokuta, A.; Melikyan, H., “Trade-off between Service Granularity and User Privacy in Smart Meter Operation,” Mobile Ad-hoc and Sensor Networks (MSN), 2014 10th International Conference on, vol., no., pp. 288, 293, 19-21 Dec. 2014. doi:10.1109/MSN.2014.46
Abstract: The term “smart grid” refers to the next generation power supply system. A smart meter, an essential component of the grid system, is installed at each housing unit and acts as an agent for the unit. While the smart meter is a key enabler of great opportunities and conveniences in smart grid, it is susceptible to various cyber-security attacks, especially privacy invasion from electricity providers. Trusted third party (TTP) and homomorphic encryption are two favorite tools to deal with this issue in the literature. Unfortunately, the use of TTP does not completely eliminate the privacy risk. On the other hand, the use of homomorphic encryption makes it harder for the providers to support various services whose demand can be highly diversified. In this paper, we introduce a drastically new approach to deal with the consumer privacy issue in smart grid. Our key idea is let each consumer to determine the frequency of the measurement report. In this way, each consumer can responsibly make a trade-off between the level of privacy preservation with the quality of the services it will receive.
Keywords: cryptography; power system security; smart meters; smart power grids; TTP; consumer privacy issue; cyber-security attacks; electricity providers; grid system; homomorphic encryption; housing unit; next generation power supply system; privacy invasion; privacy preservation; service granularity; service quality; smart grid; smart meter operation; trusted third party; Electricity; Encryption; Privacy; Real-time systems; Smart grids; Smart grid; service granularity; smart meter; user privacy (ID#: 15-6373)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7051783&isnumber=7051734

 

Aman, S.; Chelmis, C.; Prasanna, V., “Addressing Data Veracity in Big Data Applications,” Big Data (Big Data), 2014 IEEE International Conference on, vol., no., pp. 1, 3, 27-30 Oct. 2014. doi:10.1109/BigData.2014.7004473
Abstract: Big data applications such as in smart electric grids, transportation, and remote environment monitoring involve geographically dispersed sensors that periodically send back information to central nodes. In many cases, data from sensors is not available at central nodes at a frequency that is required for real-time modeling and decision-making. This may be due to physical limitations of the transmission networks, or due to consumers limiting frequent transmission of data from sensors located at their premises for security and privacy concerns. Such scenarios lead to partial data problem and raise the issue of data veracity in big data applications. We describe a novel solution to the problem of making short term predictions (up to a few hours ahead) in absence of real-time data from sensors in Smart Grid. A key implication of our work is that by using real-time data from only a small subset of influential sensors, we are able to make predictions for all sensors. We thus reduce the communication complexity involved in transmitting sensory data in Smart Grids. We use real-world electricity consumption data from smart meters to empirically demonstrate the usefulness of our method. Our dataset consists of data collected at 15-min intervals from 170 smart meters in the USC Microgrid for 7 years, totaling 41,697,600 data points.
Keywords: Big Data; power engineering computing; smart power grids; Big Data applications; USC Microgrid; communication complexity; data veracity; electricity consumption data; remote environment monitoring; sensory data transmission; smart electric grids; transportation; Big data; Data models; Intelligent sensors; Predictive models; Real-time systems; Smart meters; prediction model; smart grid (ID#: 15-6374)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7004473&isnumber=7004197

 

Lei Yang; Xu Chen; Junshan Zhang; Poor, H.V., “Optimal Privacy-Preserving Energy Management for Smart Meters,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 513, 521, April 27 2014–May 2 2014. doi:10.1109/INFOCOM.2014.6847975
Abstract: Smart meters, designed for information collection and system monitoring in smart grid, report fine-grained power consumption to utility providers. With these highly accurate profiles of energy usage, however, it is possible to identify consumers' specific activity or behavior patterns, thereby giving rise to serious privacy concerns. In this paper, this concern is addressed by using battery energy storage. Beyond privacy protection, batteries can also be used to cut down the electricity bill. From a holistic perspective, a dynamic optimization framework is designed for consumers to strike a tradeoff between the smart meter data privacy and the electricity bill. In general, a major challenge in solving dynamic optimization problems lies in the need of the knowledge of the future electricity consumption events. By exploring the underlying structure of the original problem, an equivalent problem is derived, which can be solved by using only the current observations. An online control algorithm is then developed to solve the equivalent problem based on the Lyapunov optimization technique. To overcome the difficulty of solving a mixed-integer nonlinear program involved in the online control algorithm, the problem is further decomposed into multiple cases and the closed-form solution to each case is derived accordingly. It is shown that the proposed online control algorithm can optimally control the battery operations to protect the smart meter data privacy and cut down the electricity bill, without the knowledge of the statistics of the time-varying load requirement and the electricity price processes. The efficacy of the proposed algorithm is demonstrated through extensive numerical evaluations using real data.
Keywords: data privacy; integer programming; nonlinear programming; power consumption; smart meters; smart power grids; Lyapunov optimization technique; battery energy storage; dynamic optimization framework; dynamic optimization problems; electricity bill; electricity consumption; information collection; mixed-integer nonlinear program; online control algorithm; optimal privacy-preserving energy management; power consumption; privacy protection; smart grid; smart meter data privacy; time-varying load requirement; Algorithm design and analysis; Batteries; Data privacy; Electricity; Optimization; Privacy; Smart meters; Battery; Cost Saving; Data Privacy; Load Monitor; Smart Grid; Smart Meter (ID#: 15-6375)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6847975&isnumber=6847911

 

Prasad, R.S.; Semwal, S., “Multi Point Sensing (MPS): A Solution for Resolving Complexity in NIALM Applications for Indian Domestic Consumers,” Power Electronics, Drives and Energy Systems (PEDES), 2014 IEEE International Conference on, vol., no., pp. 1, 6, 16-19 Dec. 2014. doi:10.1109/PEDES.2014.7042066
Abstract: Government of India has decided to install smart meters in fourteen states. Smart meters are required to identify home appliances to fulfill various tasks in the smart grid environment. Both intrusive and non-intrusive methods have been suggested for identification. However, intrusive method is not suitable for cost and privacy reasons. On the other hand, techniques using non-intrusive appliance load monitoring (NIALM) are yet to result in meaningful practical implementation. Two major challenges in NIALM research are the choice of features (load signatures of appliances), and the appropriate algorithm. Both have a direct impact on the cost of the smart meter. In this paper, we address the two issues and propose a procedure with only four features and a simple algorithm to identify appliances. Our experimental setup, on the recommended specifications of the internal electrical wiring in Indian residences, used common household appliances' load signatures of active and reactive powers, harmonic components and their magnitudes. We show that these four features are essential and sufficient for implementation of NIALM with a simple algorithm. We have introduced a new approach of ‘multi point sensing’ and ‘group control’ rather than the ‘single point sensing’ and ‘individual control’, used so far in NIALM techniques.
Keywords: demand side management; smart meters; smart power grids; Indian domestic consumers; Indian residences; MPS; NIALM applications; group control; harmonic components; household appliances; internal electrical wiring; load signatures; multipoint sensing; nonintrusive appliance load monitoring; reactive powers; smart meter; Feature extraction; Harmonic analysis; Home appliances; Monitoring; Reactive power; Sensors; Smart meters; Demand Response Management; Load signature; NIALM; Smart grid; Smart meter (ID#: 15-6376)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7042066&isnumber=7041944

 

Alamatsaz, N.; Boustani, A.; Jadliwala, M.; Namboodiri, V., “AgSec: Secure and Efficient CDMA-Based Aggregation for Smart Metering Systems,” Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th, vol., no., pp. 489, 494, 10-13 Jan. 2014. doi:10.1109/CCNC.2014.6866615
Abstract: Security and privacy concerns in the future power grid have recently received tremendous focus from security advocates. Most existing security mechanisms utilize cryptographic techniques that are computationally expensive and bandwidth intensive. However, aggregating the large outputs of these cryptographic algorithms has not been considered thoroughly. Smart Grid Networks (SGN) generally have limitations on bandwidth, network capacity and energy. Hence, utilizing data aggregation algorithms, the limited bandwidth can be efficiently utilized. Most of the aggregation algorithms use statistical functions such as minimum, maximum, and average before transmitting data over the network. Existing aggregation algorithms, in SGNs, are generally expensive in terms of communication overhead, processing load and delay. However, our proposed CDMA-based data aggregation method provides access to all the data of all the smart meters in the root node, which in this case is the Utility Center, while keeping the smart metering data secure. The efficiency of the proposed method is confirmed by mathematical analysis.
Keywords: code division multiple access; cryptography; mathematical analysis; smart meters; smart power grids; telecommunication security; AgSec; SGN; communication overhead; cryptographic techniques; data aggregation; efficient CDMA; mathematical analysis; network capacity; network energy; power grid; privacy concerns; secure CDMA; security concerns; smart grid networks; smart metering systems; statistical functions; utility center; Cryptography; Delays; Multiaccess communication; Protocols; Smart grids; Smart meters (ID#: 15-6377)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866615&isnumber=6866537

 

Peer, C.D.; Engel, D.; Wicker, S.B., “Hierarchical Key Management for Multi-Resolution Load Data Representation,” Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, vol., no., pp. 926, 932, 3-6 Nov. 2014. doi:10.1109/SmartGridComm.2014.7007767
Abstract: It has been shown that information about a consumer's actions, beliefs and preferences can be extracted from high resolution load data. This information can be used in ways that violate consumer privacy. In order to increase consumer control over this information, it has been suggested that load data be represented in multiple resolutions, with each resolution secured with a different key. To make this approach work in the real-world, a suitable key management needs to be employed. In this paper, we consider a combination of multi-resolution load data representation with hierarchical key management. Emphasis is placed on a privacy-aware design that gives the end-user the freedom to decide which entity is allowed to access user related data and at what granularity.
Keywords: data structures; load management; power generation control; smart power grids; consumer actions; consumer control; consumer privacy; hierarchical key management; high resolution load data; multiresolution load data representation; privacy-aware design; Encryption; Privacy; Smart grids; Smart meters; Wavelet transforms (ID#: 15-6378)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7007767&isnumber=7007609

 

Yesudas, R.; Clarke, R., “Identifying Consumer Requirements as an Antidote to Resistance to Smart Meters,” Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), 2014 IEEE PES, vol., no., pp. 1, 6, 12-15 Oct. 2014. doi:10.1109/ISGTEurope.2014.7028789
Abstract: Energy efficiency has been the primary motivation for the introduction of smart meters. But current smart metering projects are facing barriers to adoption from consumers, arising from the failure of project sponsors to understand consumers and their requirements. Consumers view smart meters with suspicion, perceiving them to be energy suppliers' efforts to maximise their profits at the expense of consumer costs, choice, health and privacy. For emergent systems like automated metering infrastructure (AMI) to avoid battling to convince consumers of their benefits, it is essential to have user-centric analysis performed before expensive infrastructures are designed and deployed. Various categories of consumers will have their own particular perspectives, and different expectations about how the system should help them to appropriately manage their energy usage. Hence it is essential to segment energy consumers and identify the requirements for each group. In this paper we look at a number of user-centric methods. We then analyse the effectiveness of combining Contextual Design (CD), focus groups and problem extraction to provide insights into energy consumer needs. Based on the analysis we outline a functional specification for a smart meter that would satisfy the energy requirements for a segment of electricity consumer with medical needs.
Keywords: energy conservation; metering; smart meters; AMI; CD; automated metering infrastructure; consumer costs; consumer requirements; contextual design; electricity consumer; energy consumers; energy efficiency; smart meters; user-centric analysis; Business; Context; Electricity; Interviews; Relays; Smart grids; Smart meters; Contextual Design; User centered design; consumer segments; requirement elicitation; smart meter (ID#: 15-6379)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7028789&isnumber=7028730

 

Azghandi, S.; Hopkinson, K.M.; McTasney, R.J., “An Empirical Model for Smart Meters Using Data Security,” Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES, vol., no., pp. 1, 5, 19-22 Feb. 2014. doi:10.1109/ISGT.2014.6816417
Abstract: Consumer concern regarding the privacy of their electric power usage behavior has been a major sticking point, disrupting utility fielding of smart-meters in many municipalities and regional service areas. Securing power meter readings in a way that addresses these privacy issues would alleviate public concerns and facilitate the implementation of an Advanced Metering Infrastructure (AMI). This paper proposes an empirical secure data transmission model by examining the parameters that affect the required time to transmit secured data for a network of smart meters and collectors. In this paper, the data security is accomplished using Partial Homomorphic Encryption (PHE), and the transmission of data is facilitated by configuring the smart meters and collectors hierarchically. A case study compares PHE simulation program execution times running on various Advanced RISC Machine-based (ARM-based) boards and virtual machines to determine the efficiency by which the smart meters meet a reasonable meter reading polling time for a service area.
Keywords: cryptography; data privacy; power system security; reduced instruction set computing; smart meters; virtual machines; AMI; ARM-based board; PHE simulation program; advanced RISC machine-based board; advanced metering infrastructure; electric power usage behavior; empirical secure data transmission model; municipality service area; partial homomorphic encryption; power meter reading security; regional service area; secured data transmission; smart meter; virtual machine; Clocks; Computational modeling; Data communication; Data models; Encryption; ARM-based boards; Data privacy; Efficiency; Hierarchical networks; Partial Homomorphic Encryption; Smart meters (ID#: 15-6380)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6816417&isnumber=6816367
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Encryption Audits, 2014

 

	Encryption Audits 2014

Encryption audits not only test the validity and effectiveness of protection schemes, they also potentially provide data for developing and improving metrics about data security. The works cited here were presented in 2014.

---

Lopez, J.M.; Ruebsamen, T.; Westhoff, D., “Privacy-Friendly Coud Audits with Somewhat Homomorphic and Searchable Encryption,” Innovations for Community Services (I4CS), 2014 14th International Conference on, vol., no., pp. 95, 103, 4-6 June 2014. doi:10.1109/I4CS.2014.6860559
Abstract: In this paper, we provide privacy enhancements for a software agent-based audit system for clouds. We also propose a general privacy enhancing cloud audit concept which, we do present based on a recently proposed framework. This framework introduces the use of audit agents for collecting digital evidence from different sources in cloud environments. Obviously, the elicitation and storage of such evidence leads to new privacy concerns of cloud customers, since it may reveal sensitive information about the utilization of cloud services. We remedy this by applying Somewhat Homomorphic Encryption (SHE) and Public-Key Searchable Encryption (PEKS) to the collection of digital evidence. By considering prominent audit event use cases we show that the amount of cleartext information provided to an evidence storing entity and subsequently to a third-party auditor can be shaped in a good balance taking into account both, i) the customers' privacy and ii) the fact that stored information may need to have probative value. We believe that the administrative domain responsible for an evidence storing database falls under the adversary model “honest-but-curious“ and thus should perform query responses from the auditor with respect to a given cloud audit use case by purely performing operations on encrypted digital evidence data.
Keywords: cloud computing; public key cryptography; software agents; PEKS; SHE; cloud services; privacy-friendly cloud audits; public-key searchable encryption; searchable encryption; software agent-based audit system; somewhat homomorphic encryption; third-party auditor; Encryption; IP networks; Monitoring; Privacy; Public key; Audit; Cloud Computing; Computing on Encrypted Data; Evidence; Searchable Encryption; Somewhat Homomorphic Encryption (ID#: 15-6005)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6860559&isnumber=6860533

 

Kun-Lin Tsai; Jiu-Soon Tan; Fang-Yie Leu; Yi-Li Huang, “A Group File Encryption Method Using Dynamic System Environment Key,” Network-Based Information Systems (NBiS), 2014 17th International Conference on, vol., no., pp. 476, 483, 10-12 Sept. 2014. doi:10.1109/NBiS.2014.22
Abstract: File encryption is an effective way for an enterprise to prevent its data from being lost. However, the data may still be deliberately or inadvertently leaked out by the insiders or customers. When the sensitive data are leaked, it often results in huge monetary damages and credit loss. In this paper, we propose a novel group file encryption/decryption method, named the Group File Encryption Method using Dynamic System Environment Key (GEMS for short), which provides users with auto crypt, authentication, authorization, and auditing security schemes by utilizing a group key and a system environment key. In the GEMS, the important parameters are hidden and stored in different devices to avoid them from being cracked easily. Besides, it can resist known-key and eavesdropping attacks to achieve a very high security level, which is practically useful in securing an enterprise's and a government's private data.
Keywords: authorisation; business data processing; cryptography; file organisation; message authentication; GEMS; auditing security scheme; authentication; authorization; autocrypt; decryption method; dynamic system environment key; eavesdropping attack; group file encryption; security level; Authentication; Cloud computing; Computers; Encryption; Servers; DRM; group file encryption; security; system environment key (ID#: 15-6006)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7023997&isnumber=7023898

 

Sumalatha, M.R.; Hemalathaa, S.; Monika, R.; Ahila, C., “Towards Secure Audit Services for Outsourced Data in Cloud,” Recent Trends in Information Technology (ICRTIT), 2014 International Conference on, vol., no., pp. 1, 6, 10-12 April 2014. doi:10.1109/ICRTIT.2014.6996214
Abstract: The rapid growth in the field of Cloud Computing introduces a myriad of security hazards to the information and data. Data outsourcing relieves the responsibility of local data storage and maintenance, but introduces security implications. A third party service provider, stores and maintains data, application or infrastructure of cloud user. Auditing methods and infrastructures in cloud play an important character in cloud security strategies. As data and applications deployed in the cloud are more delicate, the requirement for auditing systems to provide rapid analysis and quick responses becomes inevitable. In this work we provide a privacy-preserving data integrity protection mechanism by allowing public auditing for cloud storage with the assistance of the data owner's identity. This guarantees the auditing can be done by the third party without fetching the entire data from the cloud. A data protection scheme is also outlined, by providing a method to allow for data to be encrypted in the cloud without loss of accessibility or functionality for the authorized users.
Keywords: auditing; authorisation; cloud computing; cryptography; data protection; outsourcing; storage management; auditing methods; auditing systems requirement; authorized users; cloud security strategies; cloud storage; data encryption; data maintenance; data outsourcing; data owner identity; local data storage; privacy-preserving data integrity protection; public auditing; secure audit services; security hazards; security implications; third party service provider; Authentication; Cloud computing; Encryption; Information technology; Public key; Audit service; Cloud storage; Identity; Integrity; Privacy (ID#: 15-6007)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6996214&isnumber=6996087

 

Bei Pei; Changsong Chen; Changsheng Wan, “A XOR Based Public Auditing Scheme for Proof-of-Storage,” Broadband and Wireless Computing, Communication and Applications (BWCCA), 2014 Ninth International Conference on, vol., no., pp. 558, 565, 8-10 Nov. 2014. doi:10.1109/BWCCA.2014.140
Abstract: Public auditing has vital significance in cloud computing. However, current public auditing schemes are bilinear map based, and they are costly. This paper brings out an XOR based public auditing scheme, which is much more efficient than current bilinear map based schemes.
Keywords: auditing; cloud computing; security of data; XOR-based public auditing scheme; bilinear map; proof-of-storage; Authentication; Cloud computing; Encryption; Materials; Protocols; Servers; XOR; Publicly Auditable; Proof-of-storage (ID#: 15-6008)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7016135&isnumber=7015998

 

Rewadkar, D.N.; Ghatage, S.Y., “Cloud Storage System Enabling Secure Privacy Preserving Third Party Audit,” Control, Instrumentation, Communication and Computational Technologies (ICCICCT), 2014 International Conference on, vol., no., pp. 695, 699, 10-11 July 2014. doi:10.1109/ICCICCT.2014.6993049
Abstract: Cloud computing is a revolutionary new approach to how computing services are produced and consumed. It is an abstraction of the concept of pooling resources and presenting them as virtual resources. Using cloud computing resources, data, computations, and services can be shared over scalable network of nodes; these nodes may represent the datacenters, end user computers and web services. On the same note cloud storage refers to storing the data on a remote storage located at other organization's infrastructure. The data storage is maintained and managed by the organization; the user will pay for the storage space which is used. Outsourcing data ultimately relinquishes the control of data from user and the fate of data is in control of the cloud server. As the data is stored on cloud server, the storage correctness of data is put on risk. The cloud server is managed by cloud service provider which is a different administrative entity, so ensuring the data integrity is of prime importance. This article studies the problems of ensuring data storage correctness and proposes an efficient and secure method to address these issues. A third party auditor is introduced securely, who will on behalf of users request will periodically verify the data integrity of the data stored on cloud server. There will not be any online burden on user and security of data will be maintained as the data will not be shared directly with the third party auditor. A homomorphic encryption scheme is used to encrypt the data which will be shared with the TPA. The results can be further extended to enable the third party auditor to do multiple auditing.
Keywords: cloud computing; cryptography; data integrity; data privacy; storage management;  cloud server; cloud storage system; data storage correctness; homomorphic encryption scheme; pooling resources; secure privacy preserving TPA; secure privacy preserving third party auditor; security of data; virtual resources; Cloud computing; Encryption; Privacy; Secure storage; Servers; Cloud Storage; Data integrity; ElGamal; Homomorphic encryption; Third Party Auditing (ID#: 15-6009)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6993049&isnumber=6992918

 

Cindhamani, J.; Punya, N.; Ealaruvi, R.; Dhinesh Babu, L.D., “An Enhanced Data Security and Trust Management Enabled Framework for Cloud Computing Systems,” Computing, Communication and Networking Technologies (ICCCNT), 2014 International Conference on, vol., no., pp. 1, 5, 11-13 July 2014. doi:10.1109/ICCCNT.2014.6963097
Abstract: Cloud computing is an emerging and advanced technology in IT enterprise which provides services on demand. Cloud computing includes many advantages such as flexibility, improved performance and low cost. Besides its advantages, cloud has many security issues and challenges. In this paper, we propose an enhanced frame work for data security in cloud which follows the security polices such as integrity, confidentiality and availability. The data is stored in cloud by using 128 bit encryption and RSA algorithm, then we use the trust management i.e., Trusted Party Auditor (TPA) which audits the data instead of client. Thus, we show how efficiently the data can be secured related to performance analysis.
Keywords: cloud computing; data integrity; public key cryptography; trusted computing; 128 bit encryption; RSA algorithm; TPA; cloud computing systems; data availability; data confidentiality; enhanced data security; security polices; trust management enabled framework; trusted party auditor; Algorithm design and analysis; Authentication; Cloud computing; Encryption;128 bit encryption; RSA algorithm; TPA (ID#: 15-6010)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6963097&isnumber=6962988

 

Garkoti, G.; Peddoju, S.K.; Balasubramanian, R., “Detection of Insider Attacks in Cloud Based e-Healthcare Environment,” Information Technology (ICIT), 2014 International Conference on, vol., no., pp. 195, 200, 22-24 Dec. 2014. doi:10.1109/ICIT.2014.43
Abstract: In recent years, Cloud computing has been receiving great attention from various business and research organizations as it promises to provide large storage facilities and highly managed remote services. Due to its characteristics like on-demand self service, rapid elasticity, ubiquitous network access and resource pooling, it shows high potential for providing e-Healthcare solutions. It can offer various financial and functional benefits to e-Healthcare which includes providing storage flexibility for the rapidly growing healthcare data, reduced cost, better accessibility, improved quality of care and enhancement in medical research. However at the same time, it faces many technical challenges like privacy, reliability, security etc. In the Cloud based ehealthcare environment where the patient's data is transferred between entities, maintaining the security of data becomes a priority. Cryptographic techniques can only provide a secure channel of communication but it fails to provide security at end points. Security attacks may be accomplished by the malicious insider at the end points. A malicious insider may modify the patient's data resulting in a false examination. The paper provides a detective approach for such attacks in the healthcare organizations. Our work is focused with the detection of insider attacks for preventing false examination of patient's health records and assuring the accountability of data usage. Watermarking can be used for detection of modification by an insider attack but does not provide accountability of data usage. Hence our approach combines the functionalities of cryptographic techniques and watermarking together with an accountability framework for providing transparency of patient's data usage.
Keywords: cloud computing; cryptography; electronic health records; health care; watermarking; cloud based e-healthcare environment; cryptographic techniques; data usage accountability; malicious insider attack detection; medical research; on-demand self service; patient health records; remote services; research organizations; resource pooling; secure communication channel; ubiquitous network access; Cloud computing; Medical diagnostic imaging; Medical services; Organizations; Watermarking; Cloud; audit; encryption; medical images; security (ID#: 15-6011)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7033321&isnumber=7033273

 

Sarralde, Javier Lopez; Yarza, Jose Miguel, “Cyber Security Applied to P&C IEDs,” T&D Conference and Exposition, 2014 IEEE PES, vol., no., pp. 1, 5, 14-17 April 2014. doi:10.1109/TDC.2014.6863537
Abstract: This paper highlights basic cyber security features that Protection and Control Intelligent Electronic Devices (P&C IEDs) should implement considering the current cyber security standardization efforts. Although it can be said that all functional aspects regarding the securization of IEDs are covered by these standards, there are still some gaps or lack of definition. Currently, it's difficult to install IEDs from different manufacturers within the same cyber security system. This paper emphasizes those aspects requiring additional definition and implementation of interoperability.
Keywords: Audit Trail; Authentication; Authorization; Centralized; Cyber Security; Encryption; IEC 62351; IEEE 1686; NERC CIP; P&C IED
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6863537&isnumber=6863147

 

Miyoung Jang; Min Yoon; Deulnyeok Youn; Jae Woo Chang, “Clustering-Based Query Result Authentication for Encrypted Databases in Cloud,” High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC, CSS, ICESS), 2014 IEEE Intl Conf on, vol., no., pp. 1076, 1082, 20-22 Aug. 2014. doi:10.1109/HPCC.2014.181
Abstract: Due to advancement in cloud computing technology, the research on the outsourced database has been spotlighted. Consequently, it is becoming more important to guarantee the correctness and completeness of query result in this environment. The existing data encryption schemes do not consider data distribution when encrypting original data. And existing query result integrity methods have limitation of verification object transmission overheads. To resolve these problems, we propose a clustering-based data transformation technique and a privacy-aware query authentication index. Our clustering-based data transformation scheme is designed to select anchors based on data distribution. For the integrity of query results, our query result authentication index stores an encrypted signature for each anchor and compares the anchor signature with the verification data from the data owner. Through performance evaluation, we show that our method outperforms the existing method up to 15 times in terms of query processing time and verification.
Keywords: cloud computing; cryptography; digital signatures; pattern clustering; query processing; anchor signature; cloud computing technology; clustering-based data transformation technique; clustering-based query result authentication; data distribution; data encryption schemes; encrypted databases; encrypted signature; query processing time; query result authentication index; verification data; verification object transmission overheads; Authentication; Data structures; Encryption; Indexes; Query processing; Database outsourcing; database transformation technique; hash-based signature index; query result integrity auditing method (ID#: 15-6012)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7056877&isnumber=7056577

 

Durga Priya, G.; Prathibha, S., “Assuring Correctness for Securing Outsourced Data Repository in Cloud Environment,” Advanced Communication Control and Computing Technologies (ICACCCT), 2014 International Conference on, vol., no., pp. 1745, 1748, 8-10 May 2014. doi:10.1109/ICACCCT.2014.7019407
Abstract: The data storage in the cloud environment offers users with infrastructure affability, quicker deployment of applications and data, cost effective, acclimation of cloud resources to real needs, enhanced productivity, etc. Inspite of these beneficial factors, there are several disadvantages to the widespread adoption of cloud computing remain. Among them, surity towards the exactness of the outsourced data and matter of concealment takes the major part. In order to avoid a security hazard for the outsourced data, we propose the dynamic audit services that enable integrity verification of data. An Interactive Proof System (IPS) is introduced to protect the privacy of the data. The DataOwner stores the large number of data in the cloud after encrypting the data for auditing purpose. An Authorized Application (AA), manipulates the outsourced data and the AA helps the cloud users to access the services. Our system provides secure auditing while the data owner, outsourcing the data in the cloud. And after performing auditing operations, security solutions are enhanced for the purpose of detecting malicious users with the help of Certificate Authority, using the hash values and a TimeStamp.
Keywords: authorisation; cloud computing; data integrity; data privacy; DataOwner; IPS; TimeStamp; authorized application; certificate authority; cloud computing environment; data encryption; data integrity verification; data storage; dynamic audit services; hash values; interactive proof system; outsourced data repository security; Cryptography; Data privacy; Audit service; Certificate Authority; Data security; Dynamic operations; Hash Verification; Time stamp (ID#: 15-6013)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019407&isnumber=7019129

 

Miao Yingkai; Chen Jia, “A Kind of Identity Authentication under Cloud Computing Environment,” Intelligent Computation Technology and Automation (ICICTA), 2014 7th International Conference on, vol., no., pp. 12, 15, 25-26 Oct. 2014. doi:10.1109/ICICTA.2014.10
Abstract: An identity authentication scheme is proposed combining with biometric encryption, public key cryptography of homomorphism and predicate encryption technology under the cloud computing environment. Identity authentication scheme is proposed based on the voice and homomorphism technology. The scheme is divided into four stages, register and training template stage, voice login and authentication stage, authorization stage, and audit stage. The results prove the scheme has certain advantages in four aspects.
Keywords: authorisation; cloud computing; public key cryptography; audit stage; authorization stage; biometric encryption; cloud computing environment; encryption technology; homomorphism technology; identity authentication scheme; public key cryptography; register and training template stage; voice login and authentication stage; voice technology; Authentication; Cloud computing; Encryption; Servers; Spectrogram; Training; homomorphism; identity authentication (ID#: 15-6014)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7003473&isnumber=7003462

 

Yen-Hung Kuo; Tzu-Wei Yeh; Guang-Yan Zheng; Jyun-Kai Wu; Chao-Chin Yang; Jia-Ming Lin, “Open Stack Secure Enterprise File Sync and Share Turnkey Solution,” Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on, vol., no., pp. 1015, 1020, 15-18 Dec. 2014. doi:10.1109/CloudCom.2014.17
Abstract: The Enterprise File Sync and Share (EFSS) is one of the most important services to provide enterprises' employees with cloud file sync, share, and collaboration services. To take enterprises' concerns into account, such as security, privacy, compliance, and regulation, the existing EFSS solutions are either using private (on-premise) or hybrid cloud service model to provide their services. They usually emphasize that files stored in the solutions are encrypted on transfer and at rest and events occurred in the service are logged as the audit trail. However, support of data encryption and audit trail are not capable of protecting enterprise sensitive data from not well addressed security issues of the EFSS service. The security issues, including employee privacy protection, management of share links and synchronized cloud files, and the secure enterprise directory integration, are pointed out in this article. To address these issues, this work proposes and develops a scalable Secure EFSS service which can be deployed on the on-premise Open Stack cloud infrastructure to securely provide employees with EFSS service. Designs of an integrated security approach are introduced in this article, including data and metadata isolations, Distinct Share Link utility, encryption key management for personal and shared files, sandbox-based cloud file synchronization, and out-of-band authentication method.
Keywords: cloud computing; security of data; data encryption; employee privacy protection; encryption key management; integrated security approach; open stack secure enterprise file sync and share turnkey Solution; out-of-band authentication method; sandbox-based cloud file synchronization; scalable secure EFSS service; secure enterprise directory integration; security issues; share link utility; share links; synchronized cloud files; Authentication; Databases; Encryption; File systems; Synchronization; Open Stack; enterprise file sync and share; security (ID#: 15-6015)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7037799&isnumber=7036227

 

Jin Li; Xiaofeng Chen; Xhafa, F.; Barolli, L., “Secure Deduplication Storage Systems with Keyword Search,” Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on, vol., no., pp. 971, 977, 13-16 May 2014. doi:10.1109/AINA.2014.118
Abstract: Data deduplication is an attractive technology to reduce storage space and upload bandwidth for increasing vast amount of duplicated and redundant data. In a cloud storage system with data deduplication, duplicate copies of data will be eliminated and only one copy will be kept in the storage. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. However, the issue of keyword search over encrypted data in deduplication storage system has to be addressed for efficient data utilization. This paper firstly proposes two constructions which support secure keyword search in this scenario. In these constructions, the integrity of the data can be realized by just checking the convergent key, without other traditional integrity auditing mechanisms. Security analysis demonstrates that our keyword search schemes are secure in terms of the definitions specified in the proposed security model.
Keywords: cloud computing; cryptography; data compression; data integrity; secure storage; cloud storage system; convergent key; data deduplication; data utilization; encryption technique; integrity auditing mechanisms; secure deduplication storage systems; secure keyword search; security analysis; storage space; Cloud computing; Encryption; Indexes; Keyword search; Servers; Deduplication; distributed storage system; reliability; secret sharing (ID#: 15-6016)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6838769&isnumber=6838626

 

Rathanam, G.J.; Sumalatha, M.R., “Dynamic Secure Storage System in Cloud Services,” Recent Trends in Information Technology (ICRTIT), 2014 International Conference on, vol., no., pp. 1, 5, 10-12 April 2014. doi:10.1109/ICRTIT.2014.6996175
Abstract: Nowadays storage systems are now exposed to wide numbers of threat while handling the information in cloud service. Therefore we design a secured storage system for ensuring security and dynamic operation in the environment. The data is stored in the server using dynamic data operation with partitioning method. Improved Adaptive Huffman Technique and Improved RSA Double Encryption Technique also used which enables the user to access process in a secure manner and efficient way. The system does a verification to prevent the loss of data and ensures security with storage integrity method. An efficient distributed storage auditing mechanism is implemented to overcome the limitations in handling the data loss. Security in this service enforces error localization and easy detection of misbehaving server. In nature the data are dynamic in cloud service; hence this process aims to store the data with reduced computational cost, space and time consumption.
Keywords: cloud computing; public key cryptography; storage management; RSA double encryption technique; adaptive Huffman technique; cloud services; distributed storage auditing mechanism; dynamic data operation; dynamic secure storage system; partitioning method; storage integrity method; Cloud computing; Encryption; Secure storage; Servers; Spread spectrum communication; Vegetation; Data Security; Data Storage; Huffman Technique; Partitioning; RSA Technique; Ternary Tree (ID#: 15-6017)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6996175&isnumber=6996087

 

Balamurugan, B.; Venkata Krishna, P.; Rajya, L.G.V.; Saravana Kumar, N., “Layered Storage Architecture for Health System Using Cloud,” Advanced Communication Control and Computing Technologies (ICACCCT), 2014 International Conference on, vol., no., pp. 1795, 1800, 8-10 May 2014. doi:10.1109/ICACCCT.2014.7019419
Abstract: Cloud computing is a paradigm shift from traditional computing offers services that can use ubiquitous internet to transmit data and other functionalities. The health care plays a vital role involved in mundane activities of human life. In proposed work, the efficient framework for health care system using Cloud is achieved through the segmentation algorithm and deployed. Albeit, the layered design of data storage is well-organized for huge critical data and developed with high level security and access control. The framework overcomes the impact created by attacks withstand along with security and privacy flaws of the Cloud. The integration and data sharing of hospital information is made possible using hybrid Cloud. Our framework utilizes the algebraic way of data possession for Cloud auditing those results is cost effective method for overall health care systems with high level of security standards.
Keywords: auditing; authorisation; cloud computing; data privacy; medical information systems; standards; ubiquitous computing; access control; cloud auditing; data possession; health care system; high level security; hospital information data sharing; human life; hybrid cloud; layered data storage design; layered storage architecture; mundane activities; paradigm shift; privacy flaws; security flaws; security standards; segmentation algorithm; traditional computing; ubiquitous internet; Encryption; Hospitals; Servers; Standards; Cloud; Cryptology; Data storage system; Information security; Storage area networks; privacy (ID#: 15-6018)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019419&isnumber=7019129

 

Albakoush, Y.A.; Ismail, R.; Abu Bakar, A., “A Hybrid Architecture for Database Intrusion Preventer,” Information Technology and Multimedia (ICIMU), 2014 International Conference on, vol., no., pp. 21, 26, 18-20 Nov. 2014. doi:10.1109/ICIMU.2014.7066597
Abstract: Database management systems come with several security mechanisms such as access control, encryption and auditing. These mechanisms are very important to protect databases against various threats. However, such mechanisms may not be sufficient in dealing with database intrusion. Therefore, the prevention of any intrusion attempts as well as detecting them pose an important research issue. Despite the proposal of many techniques previously, the design and implementation of database reliable intrusion detection or prevention systems remains a substantial demand and a vital research topic. In this paper, a Hybrid Architecture for Database Intrusion Preventer (HyDBIP) has been proposed. The proposed system comprises of Signature-based, Anomaly-based and Anomaly Query Classifier (AQC) models work together to complement each other.
Keywords: SQL; authorisation; database management systems; digital signatures; pattern classification; AQC models; HyDBIP; access control; anomaly query classifier; anomaly-based classifier; auditing; database intrusion preventer; database management systems; database protection; encryption; hybrid architecture; intrusion detection; intrusion prevention systems; security mechanisms; signature-based classifier; Database systems; Information technology; Intrusion detection; Sensitivity; Servers; Anomly-based; Database Security; Intrusion Detection; Intrusion Prevention; SQL Injection; Signature-based (ID#: 15-6019)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7066597&isnumber=7066586

 

Yong Wang; Vangury, K.; Nikolai, J., “MobileGuardian: A Security Policy Enforcement Framework for Mobile Devices,” Collaboration Technologies and Systems (CTS), 2014 International Conference on,  vol., no., pp. 197, 202, 19-23 May 2014. doi:10.1109/CTS.2014.6867564
Abstract: Mobile devices such as smartphones and tablets are widely used for personal and business uses. Compared to personal mobile subscribers, enterprises have more concerns about mobile device security. The challenges an enterprise may face include unlimited access to corporate resources, lack of encryption on corporate data, unwillingness to backup data, etc. Many of these issues have been resolved by auditing and enforcing security policies in enterprise networks. However, it is difficult to audit and enforce security policies on mobile devices. A substantial discrepancy exists between enterprise security policy administration and security policy enforcement. In this paper, we propose a framework, MobileGuardian, for security policy enforcement on mobile devices. Security policy enforcement is further divided into four issues, i.e., sensitive data isolation, security policy formulation, security policy testing, and security policy execution. The proposed framework is secure, flexible, and scalable. It can be adopted on any mobile platforms to implement access control, data confidentiality, security, and integrity.
Keywords: mobile computing; security of data; MobileGuardian framework; access control; data confidentiality; data integrity; data security; enterprise networks; enterprise security policy administration; mobile device security; mobile devices; personal mobile subscribers; security policy enforcement framework; security policy execution; security policy formulation; security policy testing; sensitive data isolation; smart phones; tablet computers; Access control; Business; Mobile communication; Smart phones; Testing; enforcement; formulation; isolation; mobile device; security policy; testing (ID#: 15-6020)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6867564&isnumber=6867522
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Homomorphism, 2014

 

	Homomorphism 2014

Homomorphic encryption shows promise, but continues to demand a heavy processing load in practice. Research into homomorphism is focused on creating greater efficiencies, as well as elaborating on the underlying theory. The work cited here
was presented in 2014.

---

Ebrahimi, J.B.; Siavoshani, M.J., “Linear Index Coding via Graph Homomorphism,” Control, Decision and Information Technologies (CoDIT), 2014 International Conference on, vol., no., pp. 158, 163, 3-5 Nov. 2014. doi:10.1109/CoDIT.2014.6996886
Abstract: In [1], [2] it is shown that the minimum broadcast rate of a linear index code over a finite field F_q is equal to an algebraic invariant of the underlying digraph, called minrank_q. In [3], it is proved that for F₂ and any positive integer k, minrank_q(G) ≤ k if and only if there exists a homomorphism from the complement of the graph G to the complement of a particular undirected graph family called “graph family {Gk}”.  As observed in [2], by combining these two results one can relate the linear index coding problem of undirected graphs to the graph homomorphism problem. In [4], a direct connection between linear index coding problem and graph homomorphism problem is introduced. In contrast to the former approach, the direct connection holds for digraphs as well and applies to any field size. More precisely, in [4], a graph family {H_k^q} has been introduced and shown that whether or not the scalar linear index of a digraph G is less than or equal to k is equivalent to the existence of a graph homomorphism from the complement of G to the complement of H_k^q. In this paper, we first study the structure of the digraphs H_k^q defined in [4]. Analogous to the result of [2] about undirected graphs, we prove that H_k^q are vertex transitive digraphs. Using this, and by applying a lemma of Hell and Nesetril [5], we derive a class of necessary conditions for digraphs G to satisfy lind_q(G) ≤ k. Particularly, we obtain new lower bounds on lind_q(G). Our next result is about the computational complexity of scalar linear index of a digraph. It is known that deciding whether the scalar linear index of an undirected graph is equal to k or not is NP-complete for k ≥ 3 and is polynomially decidable for k = 1, 2 [3]. For digraphs, it is shown in [6] that for the binary alphabet, the decision- problem for k = 2 is NP-complete. We use graph homomorphism framework to extend this result to arbitrary alphabet.
Keywords: computational complexity; directed graphs; encoding; NP-complete; algebraic invariant; computational complexity; graph homomorphism; linear index coding; minimum broadcast rate; scalar linear index; undirected graph; vertex transitive digraph; Color; Computational complexity; Educational institutions; Encoding; Indexes; Receivers; Vectors; Index coding; computational complexity of the minrank; graph homomorphism; linear index coding; minrank of a graph (ID#: 15-6021)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6996886&isnumber=6996851

 

Ebrahimi, J.B.; Siavoshani, M.J., “On Index Coding and Graph Homomorphism,” Information Theory Workshop (ITW), 2014 IEEE, vol., no., pp. 541, 545, 2-5 Nov. 2014. doi:10.1109/ITW.2014.6970890
Abstract: In this work, we study the problem of index coding from graph homomorphism perspective. We show that the minimum broadcast rate of an index coding problem for different variations of the problem such as non-linear, scalar, and vector index code, can be upper bounded by the minimum broadcast rate of another index coding problem when there exists a homomorphism from the complement of the side information graph of the first problem to that of the second problem. As a result, we show that several upper bounds on scalar and vector index code problem are special cases of one of our main theorems. For the linear scalar index coding problem, it has been shown in [1] that the binary linear index of a graph is equal to a graph theoretical parameter called minrank of the graph. For undirected graphs, in [2] it is shown that minrank(G) = k if and only if there exists a homomorphism from G to a predefined graph Gk. Combining these two results, it follows that for undirected graphs, all the digraphs with linear index of at most k coincide with the graphs G for which there exists a homomorphism from G to G_k. In this paper, we give a direct proof to this result that works for digraphs as well. We show how to use this classification result to generate lower bounds on scalar and vector index. In particular, we provide a lower bound for the scalar index of a digraph in terms of the chromatic number of its complement. Using our framework, we show that by changing the field size, linear index of a digraph can be at most increased by a factor that is independent from the number of the nodes.
Keywords: binary codes; directed graphs; graph theory; linear codes; nonlinear codes; binary linear index; chromatic number; digraphs; field size; graph homomorphism; graph theoretical parameter; linear scalar index coding problem; minimum broadcast rate; minrank; nonlinear codes; scalar codes; side information graph; undirected graphs; upper bound; vector index code problem; Educational institutions; Encoding; Indexes; Network coding; Receivers; Upper bound; Vectors (ID#: 15-6022)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6970890&isnumber=6970773

 

Guozi Sun; Siqi Huang; Wan Bao; Yitao Yang; Zhiwei Wang, “A Privacy Protection Policy Combined with Privacy Homomorphism in the Internet of Things,” Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, vol., no., pp. 1, 6, 4-7 Aug. 2014. doi:10.1109/ICCCN.2014.6911856
Abstract: Recently, IOT (Internet of Things) develops very rapidly. However, the personal privacy protection is one of directly important factors that impact the large-scale applications of IOT. To solve this problem, this paper proposes a privacy protection policy based on privacy homomorphism. It can protect the security of personal information well by processing the needs of users without acquiring of plaintext. In another aspect, it also greatly improves the performance of the original multiplication homomorphism algorithm.
Keywords: Internet; Internet of Things; data privacy; multiplication homomorphism algorithm; personal information; personal privacy protection; plaintext; privacy homomorphism; privacy protection policy; Algorithm design and analysis; Encryption; Privacy; IOT; homomorphism; personal privacy; security (ID#: 15-6023)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6911856&isnumber=6911704

 

Miao Yingkai; Chen Jia, “A Kind of Identity Authentication under Cloud Computing Environment,” Intelligent Computation Technology and Automation (ICICTA), 2014 7th International Conference on, vol., no., pp. 12, 15, 25-26 Oct. 2014. doi:10.1109/ICICTA.2014.10
Abstract: An identity authentication scheme is proposed combining with biometric encryption, public key cryptography of homomorphism and predicate encryption technology under the cloud computing environment. Identity authentication scheme is proposed based on the voice and homomorphism technology. The scheme is divided into four stages, register and training template stage, voice login and authentication stage, authorization stage, and audit stage. The results prove the scheme has certain advantages in four aspects.
Keywords: authorisation; cloud computing; public key cryptography; audit stage; authorization stage; biometric encryption; cloud computing environment; encryption technology; homomorphism technology; identity authentication scheme; public key cryptography; register and training template stage; voice login and authentication stage; voice technology; Authentication; Cloud computing; Encryption; Servers; Spectrogram; Training; homomorphism; identity authentication (ID#: 15-6024)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7003473&isnumber=7003462

 

Shu Qin Ren; Tany, B.H.M.; Sundaram, S.; Taining Wang; Khin Mi Mi Aung, “Homomorphic Exclusive-Or Operation Enhance Secure Searching on Cloud Storage,” Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on, vol., no., vol., no., pp. 989, 994, 15-18 Dec. 2014. doi:10.1109/CloudCom.2014.86
Abstract: Enterprise cloud tenants would store their outsourced cloud data in encrypted form for data privacy and security. However, flexible data access functions such as data searching is usually sacrificed as a result. Thus, enterprise tenants demand secure data retrieval and computation solution from the cloud provider, which will allow them to utilize cloud services without the risks of leaking private data to outsiders and even service providers. In this paper, we propose an exclusive-or (XOR) homomorphism encryption scheme to support secure keyword searching on encrypted data. First, this scheme specifies a new data protection method by encrypting the data and randomizing it by performing XOR operation with a random bit-string. Second, this scheme can effectively protect data-in-transit against passive attack such as cipher text analysis due to the randomization. Third, this scheme is lightweight and only requires a symmetric encryption scheme and bitwise operations, which requires processing time in the order of milliseconds.
Keywords: cloud computing; cryptography; data protection; information retrieval; outsourcing; storage management; XOR homomorphism encryption scheme; bitwise operations; cloud services; computation solution; data access functions; data privacy; data retrieval; data security; data-in-transit protection; enterprise cloud tenants; homomorphic exclusive-or operation enhance secure searching; outsourced cloud data storage; passive attack; random bit-string; secure keyword searching; symmetric encryption scheme; Ciphers; Cloud computing; Electronic mail; Encryption; Servers; Silicon; Cloud storage; Secure searching; XOR-homomorphism encryption (ID#: 15-6025)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7037795&isnumber=7036227

 

Wadhwa, D.; Dabas, P., “A Coherent Dynamic Remote Integrity Check on Cloud Data Utilizing Homomorphic Cryptosystem,” Confluence The Next Generation Information Technology Summit (Confluence), 2014 5th International Conference, vol., no., pp. 91, 96, 25-26 Sept. 2014. doi:10.1109/CONFLUENCE.2014.6949264
Abstract: Checking remote data integrity in climacteric cloud computing infrastructure is a valuable matter of concern. As the idea of cloud computing entered into a wide implementation today, data access becomes a major security issue. One of the various privacy concerns that are possibly taken into consideration relates to the maintenance of cloud data integrity. Directing users to check data integrity under public audibility is a task to be greatly considered. It is made through third party verifier who provides the client a proof whether the data placed on the server is altered or not. We proposed a dynamic data integrity checking mechanism in which the proof of correct data possession can be made from server on demand. Verifier, on behalf of the client can make a call to the server for verifying the correctness of the stored data, at anytime. This protocol is designed keeping the dynamic nature of cloud as the data placed on the server goes on changing very frequently. Thus, a dynamic data integrity approach is adopted here which includes the RSA encryption system as a method for public cryptosystem. A multiplicative homomorphic property, an idea towards integrity checking of cloud data, is implemented here. The beauty of applying and including the homomorphism property in our protocol is that, the proof can be generated by the third party verifier without having any clue of the original data. Our research is dually aimed at A) generating proof of correct data possession in a dynamic cloud environment B) providing high security of cloud data through homomorphic cryptosystem. The proposed technique is implemented in a very productive and cost effective manner. The testing results of the proposed work are propitious and favorable.
Keywords: cloud computing; cryptographic protocols; data integrity; public key cryptography; RSA encryption system; climacteric cloud computing infrastructure; cloud data; coherent dynamic remote integrity check; correct data possession proof; dynamic data integrity checking mechanism; homomorphic cryptosystem; multiplicative homomorphic property; proof generation; public cryptosystem; server on demand; stored data correctness verification; third party verifier; Ciphers; Cloud computing; Educational institutions; Protocols; Servers; RSA cryptosystem; data possesion; dynamic cloud data; homomorphism; integrity checking; verifier (ID#: 15-6026)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6949264&isnumber=6949036

 

Gobel, A.; Goldberg, L.A.; McQuillan, C.; Richerby, D.; Yamakami, T., “Counting List Matrix Partitions of Graphs,” Computational Complexity (CCC), 2014 IEEE 29th Conference on, vol., no., pp. 56, 65, 11-13 June 2014. doi:10.1109/CCC.2014.14
Abstract: Given a symmetric DxD matrix M over {0, 1, *}, a list M-partition of a graph G is a partition of the vertices of G into D parts which are associated with the rows of M. The part of each vertex is chosen from a given list in such a way that no edge of G is mapped to a 0 in M and no non-edge of G is mapped to a 1 in M. Many important graph-theoretic structures can be represented as list M-partitions including graph colourings, split graphs and homogeneous sets, which arise in the proofs of the weak and strong perfect graph conjectures. Thus, there has been quite a bit of work on determining for which matrices M computations involving list M-partitions are tractable. This paper focuses on the problem of counting list M-partitions, given a graph G and given lists for each vertex of G. We give an algorithm that solves this problem in polynomial time for every (fixed) matrix M for which the problem is tractable. The algorithm relies on data structures such as sparse-dense partitions and sub cube decompositions to reduce each problem instance to a sequence of problem instances in which the lists have a certain useful structure that restricts access to portions of M in which the interactions of 0s and 1s is controlled. We show how to solve the resulting restricted instances by converting them into particular counting constraint satisfaction problems (#CSPs) which we show how to solve using a constraint satisfaction technique known as "arc-consistency". For every matrix M for which our algorithm fails, we show that the problem of counting list M-partitions is #P-complete. Furthermore, we give an explicit characterisation of the dichotomy theorem — counting list M-partitions is tractable (in FP) if and only if the matrix M has a structure called a derectangularising sequence. Finally, we show that the meta-problem of determining whether a given matrix has a derectangularising sequence is NP-complete.
Keywords: computational complexity; constraint satisfaction problems; data structures; directed graphs; graph colouring; matrix algebra; #P-complete problem; CSPs; NP-complete problem; arc-consistency; counting constraint satisfaction problems; counting list matrix partitions; data structures; derectangularising sequence; graph colourings; graph-theoretic structures; homogeneous sets; meta-problem; perfect graph conjectures; polynomial time; sparse-dense partitions; split graphs; subcube decompositions; undirected graph; Complexity theory; Data structures; Educational institutions; Europe; Partitioning algorithms; Standards; Symmetric matrices; counting complexity; dichotomy theorem; graph algorithms; graph homomorphism (ID#: 15-6027)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6875475&isnumber=6875460

 

Thendral, G.; Valliyammai, C., “Dynamic Auditing and Updating Services in Cloud Storage,” Recent Trends in Information Technology (ICRTIT), 2014 International Conference on, vol., no., pp. 1, 6, 10-12 April 2014. doi:10.1109/ICRTIT.2014.6996181
Abstract: Cloud is an innovative service platform. In this computing standard it delivers all the resources such as both hardware and software as a service over the Internet. Since the information are outsourced on the server of cloud and maintained at an anonymous place, there is the possibility of alteration or modification on the data because of any of the failures or because of the fraudulence of the mischievous server. To achieve the data integrity, there is a need of employing some of the data verification and auditing techniques. The proposed work is to perform the dynamic auditing for integrity verification and data dynamics in cloud storage with lower computation and communication cost, using techniques such as tagging, hash tag table and arbitrary sampling. It also supports timely anomaly detection and updates to outsourced data.
Keywords: cloud computing; data integrity; formal verification; Internet; anonymous place; auditing techniques; cloud storage; communication cost; computing standard; data dynamics; data integrity verification; dynamic auditing; innovative service platform; mischievous server; updating services; Cloud computing; Cryptography; Data models; Heuristic algorithms; Market research; Protocols; Servers; Audit service; Cloud Storage; Data Dynamics; Homomorphism  (ID#: 15-6028)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6996181&isnumber=6996087

 

Legaux, J.; Loulergue, F.; Jubertie, S., “Development Effort and Performance Trade-off in High-Level Parallel Programming,” High Performance Computing & Simulation (HPCS), 2014 International Conference on, vol., no., pp. 162, 169, 21-25 July 2014. doi:10.1109/HPCSim.2014.6903682
Abstract: Research on high-level parallel programming approaches systematically evaluate the performance of applications written using these approaches and informally argue that high-level parallel programming languages or libraries increase the productivity of programmers. In this paper we present a methodology that allows to evaluate the trade-off between programming effort and performance of applications developed using different programming models. We apply this methodology on some implementations of a function solving the all nearest smaller values problem. The high-level implementation is based on a new version of the BSP homomorphism algorithmic skeleton.
Keywords: parallel programming; parallelising compilers; software performance evaluation; BSP homomorphism algorithmic skeleton; application performance trade-off; bulk synchronous parallelism; development effort; high-level parallel programming; programming models; Arrays; Libraries; Measurement; Parallel programming; Semantics; Skeleton; C++; algorithmic skeletons; software metrics (ID#: 15-6029)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903682&isnumber=6903651

 

Genest, D.; Legeay, M.; Loiseau, S.; Bechade, C., “A Graphical Language to Query Conceptual Graphs,” Tools with Artificial Intelligence (ICTAI), 2014 IEEE 26th International Conference on, vol., no., pp. 304, 308, 10-12 Nov. 2014. doi:10.1109/ICTAI.2014.53
Abstract: This paper presents a general query language for conceptual graphs. First, we introduce kernel query graphs. A kernel query graph can be used to express an "or" between two sub-graphs, or an "option" on an optional sub-graph. Second, we propose a way to express two kinds of queries (ask and select) using kernel query graphs. Third, the answers of queries are computed by an operation based on graph homomorphism: the projection from a kernel query graph.
Keywords: graph theory; knowledge representation; visual languages; graph homomorphism; graphical language; kernel query graphs; query conceptual graphs; sub-graphs; Database languages; Kernel; Niobium; Standards; Tin; Visualization; Vocabulary; Conceptual graph; Query language; SPARQL (ID#: 15-6030)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6984489&isnumber=6983902

 

Aditya, S.K.; Premkumar, K.; Anitha, R.; Mukherjee, S., “Combined Security Framework for Multi-Cloud Environment,” Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for, vol., no., pp. 100, 105, 8-10 Dec. 2014. doi:10.1109/ICITST.2014.7038786
Abstract: Cloud computing is a field which has been rapidly developing over the past few years. The fact that cloud can offer both storage and computation at low rates makes it popular among corporations and IT industries. This also makes it a very attractive proposition for the future. But in spite of its promise and potential, security in the cloud proves to be a cause for concern to the business sector. This is due to the outsourcing of data onto third party managed cloud platform. These security concerns also make the use of cloud services less flexible. In this paper, we provide a secure framework that allows data to be stored securely in the cloud while at the same time allowing operations to be performed on it without any compromise of the sensitive parts of the data. A combination of searchable encryption with Partial Homomorphism is proposed. The strengths and practicality of the suggested solution have been tested experimentally and results are discussed.
Keywords: cloud computing; cryptography; IT industries; business sector; cloud computing; cloud services; combined security framework; data outsourcing; data storage; multicloud environment; partial homomorphism; searchable encryption; third party managed cloud platform; Ciphers; Cloud computing; Databases; Encryption; Cloud Computing; Cloud Security; Homomorphic Encryption; Searchable Encryption; Secure Socket Layer (ID#: 15-6031)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7038786&isnumber=7038754

 

Yuan Tian; Al-Rodhaan, M.; Biao Song; Al-Dhelaan, A.; Ting Huai Ma, “Somewhat Homomorphic Cryptography for Matrix Multiplication Using GPU Acceleration,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 166, 170, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013115
Abstract: Homomorphic encryption has become a popular research topic since the cloud computing paradigm emerged. This paper discusses the design of a GPU-assisted homomorphic cryptograph for matrix operation. Our proposed scheme is based on an n*n matrix multiplication which are computationally homomorphic. We use more efficient GPU programming scheme with the extension of DGHV homomorphism, which prove the result of verification does not leak any information about the inputs or the output during the encryption and decryption. The performance results are obtained from the executions on a machine equipped with a GeForce GTX 765M GPU. We use three basic parallel algorithms to form efficient solutions which accelerate the speed of encryption and evaluation. Although fully homomorphic encryption is still not practical for real world applications in current stage, this work shows the possibility to improve the performance of homomorphic encryption and achieve this target one step closer.
Keywords: cryptography; graphics processing units; matrix multiplication; parallel algorithms; DGHV homomorphism; GPU acceleration; GPU programming; GeForce GTX 765M GPU; decryption; homomorphic cryptography; Acceleration; Educational institutions; Encryption; Graphics processing units; Public key; Cloud; Cryptography; GPU; Homomorphic encryption; Matrix multiplication; Privacy; Security (ID#: 15-6032)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7013115&isnumber=7013076

 

Soonhwa Sung, “Confidential Aggregation for Wireless Transmissions,” Information Networking (ICOIN), 2014 International Conference on, vol., no., pp. 390, 394, 10-12 Feb. 2014. doi:10.1109/ICOIN.2014.6799711
Abstract: Wireless sensor network would like to act a secure data aggregation in a cluster. In the previous scheme, there was no efficient data aggregation considering encrypted-data aggregation in multi-layer cluster environment. More specifically, the scheme doesn't provide multi-layer cluster environment due to one-hop to the base station and it pre-installs keys for verification and data aggregation in the Cluster Head before deployment, so it limits the flexibility of system deployment and aggregation. Besides, it doesn't support dynamic key management to bring more flexibility in data aggregation. Therefore, this paper proposes data confidentiality for wireless sensor transmission with three layers. Three layers which are composed of public, Sensor Key Translation, and confidential layers operate to solve these problems. The paper extends privacy homomorphism functions to support dynamic data aggregation and the sensors can be moved to another cluster using three layers.
Keywords: cryptography; pattern clustering; telecommunication network management; wireless sensor networks; base station; cluster head; confidential aggregation; confidential layers; data confidentiality; dynamic data aggregation; dynamic key management; encrypted-data aggregation; multilayer cluster environment; privacy homomorphism functions; public layers; secure data aggregation; sensor key translation layers; wireless sensor network; wireless transmissions; Communication system security; Data privacy; Encryption; Wireless communication; Wireless sensor networks; Cluster Head(CH); confidential aggregation; homomorphic encryption; symmetric homomorphic scheme; three-layer cluster interaction (ID#: 15-6033)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6799711&isnumber=6799467

 

Yingming Zhao; Yue Pan; Sanchao Wang; Junxing Zhang, “An Anonymous Voting System Based on Homomorphic Encryption,” Communications (COMM), 2014 10th International Conference on, vol., no., pp. 1, 4, 29-31 May 2014. doi:10.1109/ICComm.2014.6866682
Abstract: In this paper we present an electronic voting system based on Homomorphic encryption to ensure anonymity, privacy, and reliability in the voting. Homomorphic encryption is a subset of privacy homomorphism. It is capable of computing the encrypted data directly and also encrypting the result of the operation automatically. For this reason it has a wide range of applications including secure multi-party computation, database encryption, electronic voting, etc. In this paper, we make use of the homomorphic encryption mechanism to design and implement an electronic voting system that supports the separation of privileges among voters, tellers, and announcers. Our experimental results show the system not only ensures anonymity in voting but also presents cheating during the counting process.
Keywords: algebra; cryptography; data privacy; database management systems; government data processing; algebraic operations; anonymity; anonymous voting system; ciphertext; counting process; database encryption; electronic voting system; homomorphic encryption mechanism; privacy homomorphism; reliability; secure multiparty computation; Additives; Electronic voting; Electronic voting systems; Encryption; Privacy; homomorphic encryption (ID#: 15-6034)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866682&isnumber=6866648

 

Drake, R.; Pu, K.Q., “Using Document Space for Relational Search,” Information Reuse and Integration (IRI), 2014 IEEE 15th International Conference on, vol., no., pp. 841, 844, 13-15 Aug. 2014. doi:10.1109/IRI.2014.7051977
Abstract: In this paper, we present a family of methods and algorithms to efficiently integrate text indexing and keyword search from information retrieval to support search in relational databases. We propose a bi-directional transformation that maps relational database instances to document collections. The transformation is shown to be a homomorphism of keyword search. Thus, any search of tuple networks by a keyword query can be efficiently executed as a search for documents, and vice versa. By this construction, we demonstrate that indexing and search technologies developed for documents can naturally be reduced and integrated into relational database systems.
Keywords: indexing; query processing; relational databases; text analysis; bidirectional transformation; document collections; document space; information retrieval; keyword query; keyword search homomorphism; relational database systems; relational search; text indexing; tuple networks; Couplings; Encoding; Indexing; Keyword search; Relational databases; Search problems (ID#: 15-6035)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7051977&isnumber=7051718

 

Chou, R.A.; Bloch, M.R.; Kliewer, J., “Low-Complexity Channel Resolvability Codes for the Symmetric Multiple-Access Channel,” Information Theory Workshop (ITW), 2014 IEEE, vol., no., pp. 466, 470, 2-5 Nov. 2014. doi:10.1109/ITW.2014.6970875
Abstract: We investigate channel resolvability for the l-user multiple-access channel (MAC) with two different families of encoders. The first family consists of invertible extractors, while the second one consists of injective group homomorphisms, and was introduced by Hayashi for the point-to-point channel resolvability. The main benefit of these two families is to provide explicit low-complexity channel resolvability codes in the case of symmetric MACs. Specifically, we provide two examples of families of invertible extractors suitable for MAC resolvability with uniform input distributions, one based on finite-field multiplication, which can be implemented in O(n log n) for a limited range of values of the encoding blocklength n, and a second based on modified Toeplitz matrices, which can be implemented in O(n log n) for a wider range of values of n. We also provide an example of family of injective group homomorphisms based on finite-field multiplication suitable for MAC resolvability with uniform input distributions, which can be implemented in O(n log n) for some values of n.
Keywords: Toeplitz matrices; channel coding; multi-access systems; MAC resolvability; finite-field multiplication; injective group homomorphisms; invertible extractors; low-complexity channel resolvability codes; point-to-point channel resolvability; symmetric multiple access channel; Computers; Electronic mail; Encoding; Random variables; Silicon; Vectors; Zinc (ID#: 15-6036)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6970875&isnumber=6970773
 

 

Feng Zhao; Chao Li; Chun Feng Liu, “A Cloud Computing Security Solution Based on Fully Homomorphic Encryption,” Advanced Communication Technology (ICACT), 2014 16th International Conference on, vol., no., pp. 485, 488, 16-19 Feb. 2014. doi:10.1109/ICACT.2014.6779008
Abstract: With the rapid development of Cloud computing, more and more users deposit their data and application on the cloud. But the development of Cloud computing is hindered by many Cloud security problem. Cloud computing has many characteristics, e.g. multi-user, virtualization, scalability and so on. Because of these new characteristics, traditional security technologies can't make Cloud computing fully safe. Therefore, Cloud computing security becomes the current research focus and is also this paper's research direction[1]. In order to solve the problem of data security in cloud computing system, by introducing fully homomorphism encryption algorithm in the cloud computing data security, a new kind of data security solution to the insecurity of the cloud computing is proposed and the scenarios of this application is hereafter constructed. This new security solution is fully fit for the processing and retrieval of the encrypted data, and effectively leading to the broad applicable prospect, the security of data transmission and the storage of the cloud computing[2].
Keywords: cloud computing; cryptography; cloud computing security solution; cloud security problem; data security solution; data storage; data transmission; encrypted data processing; encrypted data retrieval; fully homomorphic encryption algorithm; security technologies; Cloud computing; Encryption; Safety; Cloud security; Cloud service; Distributed implementation; Fully homomorphic encryption (ID#: 15-6037)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779008&isnumber=6778899 
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

I/O Systems Security, 2014

 

	I/O Systems Security 2014

Management of I/O devices is a critical part of the operating system. Entire I/O subsystems are devoted to its operation. These subsystems contend both with the movement towards standard interfaces for a wide range of devices to makes it easier to add newly developed devices to existing systems, and the development of entirely new types of devices for which existing standard interfaces can be difficult to apply. Typically, when accessing files, a security check is performed when the file is created or opened. The security check is typically not done again unless the file is closed and reopened. If an opened file is passed to an untrusted caller, the security system can, but is not required to prevent the caller from accessing the file. Research into I/O security addresses the need to provide adequate security economically and to scale. Research works cited here were published or presented in 2014. 

---

Yeongjin Jang, Chengyu Song, Simon P. Chung, Tielei Wang, Wenke Lee; “A11y Attacks: Exploiting Accessibility in Operating Systems,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 103-115. doi:10.1145/2660267.2660295
Abstract: Driven in part by federal law, accessibility (a11y) support for disabled users is becoming ubiquitous in commodity OSs. Some assistive technologies such as natural language user interfaces in mobile devices are welcomed by the general user population. Unfortunately, adding new features in modern, complex OSs usually introduces new security vulnerabilities. Accessibility support is no exception. Assistive technologies can be defined as computing subsystems that either transform user input into interaction requests for other applications and the underlying OS, or transform application and OS output for display on alternative devices. Inadequate security checks on these new I/O paths make it possible to launch attacks from accessibility interfaces. In this paper, we present the first security evaluation of accessibility support for four of the most popular computing platforms: Microsoft Windows, Ubuntu Linux, iOS, and Android. We identify twelve attacks that can bypass state-of-the-art defense mechanisms deployed on these OSs, including UAC, the Yama security module, the iOS sandbox, and the Android sandbox. Further analysis of the identified vulnerabilities shows that their root cause is that the design and implementation of accessibility support involves inevitable trade-offs among compatibility, usability, security, and (economic) cost. These trade-offs make it difficult to secure a system against misuse of accessibility support. Based on our findings, we propose a number of recommendations to either make the implementation of all necessary security checks easier and more intuitive, or to alleviate the impact of missing/incorrect checks. We also point out open problems and challenges in automatically analyzing accessibility support and identifying security vulnerabilities.
Keywords: accessibility, assistive technology, attacks (ID#: 15- 6633)
URL:  http://doi.acm.org/10.1145/2660267.2660295

Lisa J. K. Durbeck, Peter M. Athanas, Nicholas J. Macias; “Secure-by-Construction Composable Componentry for Network Processing,” HotSoS ’14, Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 27. doi:10.1145/2600176.2600203
Abstract: Techniques commonly used for analyzing streaming video, audio, SIGINT, and network transmissions, at less-than-streaming rates, such as data decimation and ad-hoc sampling, can miss underlying structure, trends and specific events held in the data. This work presents a secure-by-construction approach  for the upper-end data streams with rates from 10- to 100 Gigabits per second. The secure-by-construction approach strives to produce system security through the composition of individually secure hardware and software components. The proposed network processor can be used not only at data centers but also within networks and onboard embedded systems at the network periphery for a wide range of tasks, including preprocessing and data cleansing, signal encoding and compression, complex event processing, flow analysis, and other tasks related to collecting and analyzing streaming data. Our design employs a four-layer scalable hardware/software stack that can lead to inherently secure, easily constructed specialized high-speed stream processing.  This work addresses the following contemporary problems: (1) There is a lack of hardware/software systems providing stream processing and data stream analysis operating at the target data rates; for high-rate streams the implementation options are limited: all-software solutions can't attain the target rates[1]. GPUs and GPGPUs are also infeasible: they were not designed for I/O at 10-100Gbps; they also have asymmetric resources for input and output and thus cannot be pipelined[4, 2], whereas custom chip-based solutions are costly and inflexible to changes, and FPGA-based solutions are historically hard to program[6]; (2) There is a distinct advantage to utilizing high-bandwidth or line-speed analytics to reduce time-to-discovery of information, particularly ones that can be pipelined together to conduct a series of processing tasks or data tests without impeding data rates; (3) There is potentially significant network infrastructure cost savings possible from compact and power-efficient analytic support deployed at the network periphery on the data source or one hop away; (4) There is a need for agile deployment in response to changing objectives; (5) There is an opportunity to constrain designs to use only secure components to achieve their specific objectives.  We address these five problems in our stream processor design to provide secure, easily specified processing for low-latency, low-power 10-100Gbps in-line processing on top of a commodity high-end FPGA-based hardware accelerator network processor. With a standard interface a user can snap together various filter blocks, like Legos™, to form a custom processing chain. The overall design is a four-layer solution in which the structurally lowest layer provides the vast computational power to process line-speed streaming packets, and the uppermost layer provides the agility to easily shape the system to the properties of a given application. Current work has focused on design of the two lowest layers, highlighted in the design detail in Figure 1. The two layers shown in Figure 1 are the embeddable portion of the design; these layers, operating at up to 100Gbps, capture both the low- and high frequency components of a signal or stream, analyze them directly, and pass the lower frequency components, residues to the all-software upper layers, Layers 3 and 4; they also optionally supply the data-reduced output up to Layers 3 and 4 for additional processing. Layer 1 is analogous to a systolic array of processors on which simple low-level functions or actions are chained in series[5]. Examples of tasks accomplished at the lowest layer are: (a) check to see if Field 3 of the packet is greater than 5, or (b) count the number of X.75 packets, or (c) select individual fields from data packets. Layer 1 provides the lowest latency, highest throughput processing, analysis and data reduction, formulating raw facts from the stream; Layer 2, also accelerated in hardware and running at full network line rate, combines selected facts from Layer 1, forming a first level of information kernels. Layer 2 is comprised of a number of combiners intended to integrate facts extracted from Layer 1 for presentation to Layer 3. Still resident in FPGA hardware and hardware-accelerated, a Layer 2 combiner is comprised of state logic and soft-core microprocessors. Layer 3 runs in software on a host machine, and is essentially the bridge to the embeddable hardware; this layer exposes an API for the consumption of information kernels to create events and manage state. The generated events and state are also made available to an additional software Layer 4, supplying an interface to traditional software-based systems. As shown in the design detail, network data transitions systolically through Layer 1, through a series of light-weight processing filters that extract and/or modify packet contents. All filters have a similar interface: streams enter from the left, exit the right, and relevant facts are passed upward to Layer 2. The output of the end of the chain in Layer 1 shown in the Figure 1 can be (a) left unconnected (for purely monitoring activities), (b) redirected into the network (for bent pipe operations), or (c) passed to another identical processor, for extended processing on a given stream (scalability).
Keywords: 100 Gbps, embedded hardware, hardware-software co-design, line-speed processor, network processor, secure-by-construction, stream processing (ID#: 15-6634)
URL:  http://doi.acm.org/10.1145/2600176.2600203

S. T. Choden Konigsmark, Leslie K. Hwang, Deming Chen, Martin D. F. Wong; “System-of-PUFs: Multilevel Security for Embedded Systems,” CODES ’14, Proceedings of the 2014 International Conference on Hardware/Software Codesign and System Synthesis, October 2014, Article No. 27. doi:10.1145/2656075.2656099
Abstract: Embedded systems continue to provide the core for a wide range of applications, from smart-cards for mobile payment to smart-meters for power-grids. The resource and power dependency of embedded systems continues to be a challenge for state-of-the-art security practices. Moreover, even theoretically secure algorithms are often vulnerable in their implementation. With decreasing cost and complexity, physical attacks are an increasingly important threat. This threat led to the development of Physically Unclonable Functions (PUFs) which are disordered physical systems with various applications in hardware security. However, consistent security oriented design of embedded systems remains a challenge, as most formalizations and security models are concerned with isolated physical components or high-level concept. We provide four unique contributions: (i) We propose a system-level security model to overcome the chasm between secure components and requirements of high-level protocols; this enables synergy between component-oriented security formalizations and theoretically proven protocols. (ii) An analysis of current practices in PUF protocols using the proposed system-level security model; we identify significant issues and expose assumptions that require costly security techniques. (iii) A System-of-PUF (SoP) that utilizes the large PUF design-space to achieve security requirements with minimal resource utilization; SoP requires 64% less gate-equivalent units than recently published schemes. (iv) A multilevel authentication protocol based on SoP which is validated using our system-level security model and which overcomes current vulnerabilities. Furthermore, this protocol offers breach recognition and recovery.
Keywords: hardware authentication, physically unclonable functions (ID#: 15-6635)
URL:  http://doi.acm.org/10.1145/2656075.2656099

Ahmed M. Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, Wenbo Shen; “Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 90-102. doi:10.1145/2660267.2660350
Abstract: TrustZone-based Real-time Kernel Protection (TZ-RKP) is a novel system that provides real-time protection of the OS kernel using the ARM TrustZone secure world. TZ-RKP is more secure than current approaches that use hypervisors to host kernel protection tools. Although hypervisors provide privilege and isolation, they face fundamental security challenges due to their growing complexity and code size. TZ-RKP puts its security monitor, which represents its entire Trusted Computing Base (TCB), in the TrustZone secure world; a safe isolated environment that is dedicated to security services. Hence, the security monitor is safe from attacks that can potentially compromise the kernel, which runs in the normal world. Using the secure world for kernel protection has been crippled by the lack of control over targets that run in the normal world. TZ-RKP solves this prominent challenge using novel techniques that deprive the normal world from the ability to control certain privileged system functions. These functions are forced to route through the secure world for inspection and approval before being executed. TZ-RKP's control of the normal world is non-bypassable. It can effectively stop attacks that aim at modifying or injecting kernel binaries. It can also stop attacks that involve modifying the system memory layout, e.g., through memory double mapping. This paper presents the implementation and evaluation of TZ-RKP, which has gone through rigorous and thorough evaluation of effectiveness and performance. It is currently deployed on the latest models of the Samsung Galaxy series smart phones and tablets, which clearly demonstrates that it is a practical real-world system.
Keywords: arm trustzone, integrity monitoring, kernel protection (ID#: 15-6636)
URL:  http://doi.acm.org/10.1145/2660267.2660350

Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, XiaoFeng Wang, Xinhui Han; “Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 978-989. doi:10.1145/2660267.2660302
Abstract: Push messaging is among the most important mobile-cloud services, offering critical supports to a wide spectrum of mobile apps. This service needs to coordinate complicated interactions between developer servers and their apps in a large scale, making it error prone. With its importance, little has been done, however, to understand the security risks of the service. In this paper, we report the first security analysis on those push-messaging services, which reveals the pervasiveness of subtle yet significant security flaws in them, affecting billions of mobile users. Through even the most reputable services like Google Cloud Messaging (GCM) and Amazon Device Messaging (ADM), the adversary running carefully-crafted exploits can steal sensitive messages from a target device, stealthily install or uninstall any apps on it, remotely lock out its legitimate user or even completely wipe out her data. This is made possible by the vulnerabilities in those services' protection of device-to-cloud interactions and the communication between their clients and subscriber apps on the same devices. Our study further brings to light questionable practices in those services, including weak cloud-side access control and extensive use of PendingIntent, as well as the impacts of the problems, which cause popular apps or system services like Android Device Manager, Facebook, Google+, Skype, PayPal etc. to leak out sensitive user data or unwittingly act on the adversary's command. To mitigate this threat, we developed a technique that helps the app developers establish end-to-end protection of the communication with their apps, over the vulnerable messaging services they use.
Keywords: android security, end-to-end protection, mobile cloud security, mobile push-messaging services, security analysis (ID#: 15-6637)
URL: http://doi.acm.org/10.1145/2660267.2660302

Musard Balliu, Mads Dam, Roberto Guanciale; “Automating Information Flow Analysis of Low Level Code,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 1080-1091. doi:10.1145/2660267.2660322
Abstract: Low level code is challenging: It lacks structure, it uses jumps and symbolic addresses, the control flow is often highly optimized, and registers and memory locations may be reused in ways that make typing extremely challenging. Information flow properties create additional complications: They are hyperproperties relating multiple executions, and the possibility of interrupts and concurrency, and use of devices and features like memory-mapped I/O requires a departure from the usual initial-state final-state account of noninterference. In this work we propose a novel approach to relational verification for machine code. Verification goals are expressed as equivalence of traces decorated with observation points. Relational verification conditions are propagated between observation points using symbolic execution, and discharged using first-order reasoning. We have implemented an automated tool that integrates with SMT solvers to automate the verification task. The tool transforms ARMv7 binaries into an intermediate, architecture-independent format using the BAP toolset by means of a verified translator. We demonstrate the capabilities of the tool on a separation kernel system call handler, which mixes hand-written assembly with gcc-optimized output, a UART device driver and a crypto service modular exponentiation routine.
Keywords: formal verification, information flow security, machine code, symbolic execution (ID#: 15-6638)
URL: http://doi.acm.org/10.1145/2660267.2660322

Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, Stefan Katzenbeisser; “From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 942-953. doi:10.1145/2660267.2660329
Abstract: Traditional software security patches often have the unfortunate side-effect of quickly alerting attackers that their attempts to exploit patched vulnerabilities have failed. Attackers greatly benefit from this information; it expedites their search for unpatched vulnerabilities, it allows them to reserve their ultimate attack payloads for successful attacks, and it increases attacker confidence in stolen secrets or expected sabotage resulting from attacks. To overcome this disadvantage, a methodology is proposed for reformulating a broad class of security patches into honey-patches — patches that offer equivalent security but that frustrate attackers' ability to determine whether their attacks have succeeded or failed. When an exploit attempt is detected, the honey-patch transparently and efficiently redirects the attacker to an unpatched decoy, where the attack is allowed to succeed. The decoy may host aggressive software monitors that collect important attack information, and deceptive files that disinform attackers. An implementation for three production-level web servers, including Apache HTTP, demonstrates that honey-patching can be realized for large-scale, performance-critical software applications with minimal overheads.
Keywords: honeypots, intrusion detection and prevention (ID#: 15-6639)
URL:  http://doi.acm.org/10.1145/2660267.2660329

Shijun Zhao, Qianying Zhang, Guangyao Hu, Yu Qin, Dengguo Feng; “Providing Root of Trust for ARM TrustZone using On-Chip SRAM,” TrustED ’14, Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, November 2014, Pages 25-36. doi:10.1145/2666141.2666145
Abstract: We present the design, implementation and evaluation of the root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone based on the on-chip SRAM Physical Unclonable Functions (PUFs). We first implement a building block which provides the foundations for the root of trust: secure key storage and truly random source. The building block doesn't require on or off-chip secure non-volatile memory to store secrets, but provides a high-level security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC). Based on the building block, we build the root of trust consisting of seal/unseal primitives for secure services running in the TEE, and a software-only TPM service running in the TEE which provides rich TPM functionalities for the rich OS running in the normal world of TrustZone. The root of trust resists software attackers capable of compromising the entire rich OS. Besides, both the building block and the root of trust run on the powerful ARM processor. In one word, we leverage the on-chip SRAM, commonly available on mobile devices, to achieve a low-cost, secure, and efficient design of the root of trust.
Keywords: on-chip sram, root of trust, tpm service, trusted execution environment, trustzone (ID#: 15-6640)
URL:  http://doi.acm.org/10.1145/2666141.2666145

Richard Joiner, Thomas Reps, Somesh Jha, Mohan Dhawan, Vinod Ganapathy; “Efficient Runtime-Enforcement Techniques for Policy Weaving,” FSE 2014, Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 2014, Pages 224-234. doi: 10.1145/2635868.2635907
Abstract: Policy weaving is a program-transformation technique that rewrites a program so that it is guaranteed to be safe with respect to a stateful security policy. It utilizes (i) static analysis to identify points in the program at which policy violations might occur, and (ii) runtime checks inserted at such points to monitor policy state and prevent violations from occurring. The promise of policy weaving stems from the possibility of blending the best aspects of static and dynamic analysis components. Therefore, a successful instantiation of policy weaving requires a careful balance and coordination between the two. In this paper, we examine the strategy of using a combination of transactional introspection and statement indirection to implement runtime enforcement in a policy-weaving system. Transactional introspection allows the state resulting from the execution of a statement to be examined and, if the policy would be violated, suppressed. Statement indirection serves as a light-weight runtime analysis that can recognize and instrument dynamically generated code that is not available to the static analysis. These techniques can be implemented via static rewriting so that all possible program executions are protected against policy violations. We describe our implementation of transactional introspection and statement indirection for policy weaving, and report experimental results that show the viability of the approach in the context of real-world JavaScript programs executing in a browser.
Keywords: Security policy enforcement, dynamic runtime verification, speculative execution, statement indirection, transactional introspection (ID#: 15-6641)
URL: http://doi.acm.org/10.1145/2635868.2635907

Hai Van Pham, Philip Moore, Khang Dinh Tran; “Context Matching with Reasoning and Decision Support using Hedge Algebra with Kansei Evaluation,” SoICT ’14, Proceedings of the Fifth Symposium on Information and Communication Technology, December 2014, Pages 202-210. doi:10.1145/2676585.2676598
Abstract: There have been far reaching Societal and Geo-Political developments in healthcare domains locally, nationally, and globally. Healthcare systems are essentially patient centric and decision driven with the clinician focus being on the identification of the best treatment options for patients in uncertain environments. Decision-support systems must focus on knowledge-based decisions using both tacit and explicit knowledge. Decisions are generally made using a qualitative approach in which linguistic (semantic) terms are used to express parameters and preferences to determine the optimal decision from a range of alternative decisions. The study presented in this paper proposes an approach which implements context-matching using hedge algebra integrated with Kansei evaluation. The proposed approach is designed to enable quantification of qualitative factors for linguistic variables while accommodating decision-makers preferences and sensibilities (constraint satisfaction) in decision-making. Experimental results demonstrate that our proposed approach achieves a significant improvement in the performance accuracy. In this paper our proposed approach uses the healthcare domain as a use-case however we argue that the posited approach will potentially generalize to other domains and systems where knowledge-based decision support is a principal requirement.
Keywords: kansei engineering, context, context-matching, decision-support, hedge algebra, personalization, uncertainty (ID#: 15-6642)
URL:  http://doi.acm.org/10.1145/2676585.2676598

Yossi Azar, Seny Kamara, Ishai Menache, Mariana Raykova, Bruce Shepard; “Co-Location-Resistant Clouds,” CCSW ’14, Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security, November 2014, Pages 9-20. doi:10.1145/2664168.2664179
Abstract: We consider the problem of designing multi-tenant public infrastructure clouds resistant to cross-VM attacks without relying on single-tenancy or on assumptions about the cloud's servers. In a cross-VM attack (which have been demonstrated recently in Amazon EC2) an adversary launches malicious virtual machines (VM) that perform side-channel attacks against co-located VMs in order to recover their contents. We propose a formal model in which to design and analyze secure VM placement algorithms, which are online vector bin packing algorithms that simultaneously satisfy certain optimization constraints and notions of security. We introduce and formalize several notions of security, establishing formal connections between them. We also introduce a new notion of efficiency for online bin packing algorithms that better captures their cost in the setting of cloud computing. Finally, we propose a secure placement algorithm that achieves our strong notions of security when used with a new cryptographic mechanism we refer to as a shared deployment scheme.
Keywords: bin packing, cloud computing, co-location attacks, co-location resistance, cross-vm attacks, cryptography, isolation (ID#: 15-6643)
URL:  http://doi.acm.org/10.1145/2664168.2664179

Kim Ramchen, Brent Waters; “Fully Secure and Fast Signing from Obfuscation,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 659-673. doi:10.1145/2660267.2660306
Abstract: In this work we explore new techniques for building short signatures from obfuscation. Our goals are twofold. First, we would like to achieve short signatures with adaptive security proofs. Second, we would like to build signatures with fast signing, ideally significantly faster than comparable signatures that are not based on obfuscation. The goal here is to create an “imbalanced” scheme where signing is fast at the expense of slower verification. We develop new methods for achieving short and fully secure obfuscation-derived signatures. Our base signature scheme is built from punctured programming and makes a novel use of the “prefix technique” to guess a signature. We find that our initial scheme has slower performance than comparable algorithms (e.g. EC-DSA). We find that the underlying reason is that the underlying PRG is called ~l² times for security parameter l. To address this issue we construct a more efficient scheme by adapting the Goldreich-Goldwasser-Micali [16] construction to form the basis for a new puncturable PRF. This puncturable PRF accepts variable-length inputs and has the property that evaluations on all prefixes of a message can be efficiently pipelined. Calls to the puncturable PRF by the signing algorithm therefore make fewer invocations of the underlying PRG, resulting in reduced signing costs. We evaluate our puncturable PRF based signature schemes using a variety of cryptographic candidates for the underlying PRG. We show that the resulting performance on message signing is competitive with that of widely deployed signature schemes.
Keywords: adaptive security, digital signature scheme, obfuscation, punctured programming (ID#: 15-6644)
URL: http://doi.acm.org/10.1145/2660267.2660306

Florian Hahn, Florian Kerschbaum; “Searchable Encryption with Secure and Efficient Updates,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 310-320. doi:10.1145/2660267.2660297
Abstract: Searchable (symmetric) encryption allows encryption while still enabling search for keywords. Its immediate application is cloud storage where a client outsources its files while the (cloud) service provider should search and selectively retrieve those. Searchable encryption is an active area of research and a number of schemes with different efficiency and security characteristics have been proposed in the literature. Any scheme for practical adoption should be efficient — i.e. have sub-linear search time —, dynamic — i.e. allow updates — and semantically secure to the most possible extent. Unfortunately, efficient, dynamic searchable encryption schemes suffer from various drawbacks. Either they deteriorate from semantic security to the security of deterministic encryption under updates, they require to store information on the client and for deleted files and keywords or they have very large index sizes. All of this is a problem, since we can expect the majority of data to be later added or changed. Since these schemes are also less efficient than deterministic encryption, they are currently an unfavorable choice for encryption in the cloud. In this paper we present the first searchable encryption scheme whose updates leak no more information than the access pattern, that still has asymptotically optimal search time, linear, very small and asymptotically optimal index size and can be implemented without storage on the client (except the key). Our construction is based on the novel idea of learning the index for efficient access from the access pattern itself. Furthermore, we implement our system and show that it is highly efficient for cloud storage.
Keywords: dynamic searchable encryption, searchable encryption, secure index, update (ID#: 15-6645)
URL: http://doi.acm.org/10.1145/2660267.2660297

Chongxi Bao, Ankur Srivastava; “A Secure Algorithm for Task Scheduling against Side-channel Attacks,” TrustED ’14, Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, November 2014, Pages 3-12. doi:10.1145/2666141.2666142
Abstract: The problem of ordering task executions has been well studied under power, performance, and thermal constraints. However, it has been pursued less under security concerns. We have observed that different orders of task executions have different side-channel information leakage, thus having different security levels. In this paper, we first model the behavior of the attacker and then propose a secure algorithm for ordering a periodic tasks that have soft deadlines. Our algorithm can keep a good balance between side-channel information leakage and total lateness. Experimental results show that the attacker could make 38.65% more error inferring the state of chip through side-channel analysis if tasks are scheduled using our algorithm as compared to using algorithms without security consideration (like EDF algorithm).
Keywords: embedded systems, hardware security, side-channel attacks, task scheduling (ID#: 15-6646)
URL: http://doi.acm.org/10.1145/2666141.2666142

Joshua Cazalas, J. Todd McDonald, Todd R. Andel, Natalia Stakhanova; “Probing the Limits of Virtualized Software Protection,” PPREW-4, Proceedings of the 4th Program Protection and Reverse Engineering Workshop, December 2014, Article No. 5. doi:10.1145/2689702.2689707
Abstract: Virtualization is becoming a prominent field of research not only in distributed systems, but also in software protection and obfuscation. Software virtualization has given rise to advanced techniques that may provide intellectual property protection and anti-cloning resilience. We present results of an empirical study that answers whether integrity of execution can be preserved for process-level virtualization protection schemes in the face of adversarial analysis. Our particular approach considers exploits that target the virtual execution environment itself and how it interacts with the underlying host operating system and hardware. We give initial results that indicate such protection mechanisms may be vulnerable at the level where the virtualized code interacts with the underlying operating system. The resolution of whether such attacks can undermine security will help create better detection and analysis methods for malware that also employ software virtualization. Our findings help frame research for additional mitigation techniques using hardware-based integration or hybrid virtualization techniques that can better defend legitimate uses of virtualized software protection.
Keywords: Software protection, obfuscation,  process-level virtualization, tamper resistance, virtualized code (ID#: 15-6647)
URL:  http://doi.acm.org/10.1145/2689702.2689707

Anil Kurmus, Robby Zippel; “A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 1366-1377. doi:10.1145/2660267.2660331
Abstract: Software security practitioners are often torn between choosing performance or security. In particular, OS kernels are sensitive to the smallest performance regressions. This makes it difficult to develop innovative kernel hardening mechanisms: they may inevitably incur some run-time performance overhead. Here, we propose building each kernel function with and without hardening, within a single split kernel. In particular, this allows trusted processes to be run under unmodified kernel code, while system calls of untrusted processes are directed to the hardened kernel code. We show such trusted processes run with no overhead when compared to an unmodified kernel. This allows deferring the decision of making use of hardening to the run-time. This means kernel distributors, system administrators and users can selectively enable hardening according to their needs: we give examples of such cases. Although this approach cannot be directly applied to arbitrary kernel hardening mechanisms, we show cases where it can. Finally, our implementation in the Linux kernel requires few changes to the kernel sources and no application source changes. Thus, it is both maintainable and easy to use.
Keywords: build system, kernel hardening, os security, performance (ID#: 15-6648)
URL:  http://doi.acm.org/10.1145/2660267.2660331

Tamas K. Lengyel, Steve Maresca, Bryan D. Payne, George D. Webster, Sebastian Vogl, Aggelos Kiayias; “Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System,” ACSAC ’14, Proceedings of the 30th Annual Computer Security Applications Conference. December, 2014, Pages 386-395. doi:10.1145/2664243.2664252
Abstract: Malware is one of the biggest security threats on the Internet today and deploying effective defensive solutions requires the rapid analysis of a continuously increasing number of malware samples. With the proliferation of metamorphic malware the analysis is further complicated as the efficacy of signature-based static analysis systems is greatly reduced. While dynamic malware analysis is an effective alternative, the approach faces significant challenges as the ever increasing number of samples requiring analysis places a burden on hardware resources. At the same time modern malware can both detect the monitoring environment and hide in unmonitored corners of the system.  In this paper we present DRAKVUF, a novel dynamic malware analysis system designed to address these challenges by building on the latest hardware virtualization extensions and the Xen hypervisor. We present a technique for improving stealth by initiating the execution of malware samples without leaving any trace in the analysis machine. We also present novel techniques to eliminate blind-spots created by kernel-mode rootkits by extending the scope of monitoring to include kernel internal functions, and to monitor file-system accesses through the kernel's heap allocations. With extensive tests performed on recent malware samples we show that DRAKVUF achieves significant improvements in conserving hardware resources while providing a stealthy, in-depth view into the behavior of modern malware.
Keywords: dynamic malware analysis, virtual machine introspection (ID#: 15-6649)
URL:  http://doi.acm.org/10.1145/2664243.2664252

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Information Flow Analysis and Security, 2014

 

	Information Flow Analysis and Security 2014

One key to computer security is the notion of information flow.  It occurs either explicitly or implicitly in a system. The works cited here cover a range of issues and approaches.  All were presented in 2014.

---

Vance, A., “Flow Based Analysis of Advanced Persistent Threats Detecting Targeted Attacks in Cloud Computing,” Infocommunications Science and Technology, 2014 First International Scientific-Practical Conference Problems of, vol. no.,
pp. 173,176, 14-17 Oct. 2014. doi:10.1109/INFOCOMMST.2014.6992342
Abstract: Cloud computing provides industry, government, and academic users’ convenient and cost-effective access to distributed services and shared data via the Internet. Due to its distribution of diverse users and aggregation of immense data, cloud computing has increasingly been the focus of targeted attacks. Meta-analysis of industry studies and retrospective research involving cloud service providers reveal that cloud computing is demonstrably vulnerable to a particular type of targeted attack, Advanced Persistent Threats (APTs). APTs have proven to be difficult to detect and defend against in cloud based infocommunication systems. The prevalent use of polymorphic malware and encrypted covert communication channels make it difficult for existing packet inspecting and signature based security technologies such as; firewalls, intrusion detection sensors, and anti-virus systems to detect APTs. In this paper, we examine the application of an alternative security approach which applies an algorithm derived from flow based monitoring to successfully detect APTs. Results indicate that statistical modeling of APT communications can successfully develop deterministic characteristics for detection is a more effective and efficient way to protect against APTs.
Keywords: cloud computing; security of data; statistical analysis; APT; Internet; advanced persistent threats; cloud based infocommunication systems; flow based analysis; flow based monitoring; packet inspection; signature based security technologies; statistical modeling; targeted attack detection; Cloud computing; Computer security; Logic gates; Telecommunication traffic; Vectors; Advanced Persistent Threats; Cloud Computing; Cyber Security; Flow Based Analysis; Threat Detection (ID#: 15-6650)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6992342&isnumber=6992271

Lokhande, B.; Dhavale, S., “Overview of Information Flow Tracking Techniques Based on Taint Analysis for Android,” Computing for Sustainable Global Development (INDIACom), 2014 International Conference on, vol. no., pp. 749, 753, 5-7 March 2014. doi:10.1109/IndiaCom.2014.6828062
Abstract: Smartphones today are ubiquitous source of sensitive information. Information leakage instances on the smartphones are on the rise because of exponential growth in smartphone market. Android is the most widely used operating system on smartphones. Many information flow tracking and information leakage detection techniques are developed on Android operating system. Taint analysis is commonly used data flow analysis technique which tracks the flow of sensitive information and its leakage. This paper provides an overview of existing Information flow tracking techniques based on the Taint analysis for android applications. It is observed that static analysis techniques look at the complete program code and all possible paths of execution before its run, whereas dynamic analysis looks at the instructions executed in the program-run in the real time. We provide in depth analysis of both static and dynamic taint analysis approaches.
Keywords: Android (operating system); data flow analysis; smart phones; Android; Information leakage instances; data flow analysis technique; dynamic analysis; dynamic taint analysis approaches; exponential smartphone market growth; information flow tracking techniques; information leakage detection techniques; program code; program-run; static analysis techniques; static taint analysis approaches; Androids; Humanoid robots; Operating systems; Privacy; Real-time systems; Security; Smart phones; Android Operating System; Mobile Security; static and dynamic taint analysis (ID#: 15-6651)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6828062&isnumber=6827395

Zhifei Chen; Lin Chen; Baowen Xu, “Hybrid Information Flow Analysis for Python Bytecode,” Web Information System and Application Conference (WISA), 2014 11th, vol. no., pp. 95, 100, 12-14 Sept. 2014. doi:10.1109/WISA.2014.26
Abstract: Python is widely used to create and manage complex, database-driven websites. However, due to dynamic features such as dynamic typing of variables, Python programs pose a serious security risk to web applications. Most security vulnerabilities result from the fact that unsafe data input reaches security-sensitive operations. To address this problem, information flow analysis for Python programs is proposed to enforce this property. Information flow can capture the fact that a particular value affects another value in the program. In this paper, we present a novel approach for analyzing information flow in Python byte code which is a low-level language and is more widely broadcast. Our approach performs a hybrid of static and dynamic control/data flow analysis. Static analysis is used to study implicit flow, while dynamic analysis efficiently tracks execution information and determines definition-use pair. To the best of our knowledge, it is the first one for Python byte code.
Keywords: authoring languages; data flow analysis; security of data; Python bytecode; Python programs; dynamic analysis; hybrid information flow analysis; low-level language; security risk; static analysis; Buildings; Educational institutions; Loading; Performance analysis; Runtime; Security; Upper bound; Python; information flow; security vulnerabilities; web applications (ID#: 15-6652)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7057995&isnumber=7057968

Haddadi, F.; Morgan, J.; Filho, E.G.; Zincir-Heywood, A.N., “Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers,” Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on, vol. no., pp. 7,12, 13-16 May 2014. doi:10.1109/WAINA.2014.19
Abstract: Botnets are one of the most destructive threats against the cyber security. Recently, HTTP protocol is frequently utilized by botnets as the Command and Communication (C&C) protocol. In this work, we aim to detect HTTP based botnet activity based on botnet behaviour analysis via machine learning approach. To achieve this, we employ flow-based network traffic utilizing NetFlow (via Softflowd). The proposed botnet analysis system is implemented by employing two different machine learning algorithms, C4.5 and Naive Bayes. Our results show that C4.5 learning algorithm based classifier obtained very promising performance on detecting HTTP based botnet activity.
Keywords: Bayes methods; IP networks; computer network security; hypermedia; learning (artificial intelligence); telecommunication traffic; transport protocols; C&C protocol; C4.5 learning algorithm based classifier; HTTP filters; HTTP protocol; IP flows; NetFlow; Softflowd; botnet behaviour analysis; command and communication protocol; cyber security; destructive threats; flow-based network traffic; machine learning algorithms; machine learning approach; naive Bayes algorithm; Classification algorithms; Complexity theory; Decision trees; Feature extraction; IP networks; Payloads; Protocols; botnet detection; machine learning based analysis; traffic IP-flow analysis (ID#: 15-6653)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6844605&isnumber=6844560

Rezvani, M.; Ignjatovic, A.; Bertino, E.; Jha, S., “Provenance-Aware Security Risk Analysis for Hosts and Network Flows,” Network Operations and Management Symposium (NOMS), 2014 IEEE, vol. no., pp. 1, 8, 5-9 May 2014. doi:10.1109/NOMS.2014.6838250
Abstract: Detection of high risk network flows and high risk hosts is becoming ever more important and more challenging. In order to selectively apply deep packet inspection (DPI) one has to isolate in real time high risk network activities within a huge number of monitored network flows. To help address this problem, we propose an iterative methodology for a simultaneous assessment of risk scores for both hosts and network flows. The proposed approach measures the risk scores of hosts and flows in an interdependent manner; thus, the risk score of a flow influences the risk score of its source and destination hosts, and also the risk score of a host is evaluated by taking into account the risk scores of flows initiated by or terminated at the host. Our experimental results show that such an approach not only effective in detecting high risk hosts and flows but, when deployed in high throughput networks, is also more efficient than PageRank based algorithms.
Keywords: computer network security; risk analysis; deep packet inspection; high risk hosts; high risk network flows; provenance aware security risk analysis; risk score; Computational modeling; Educational institutions; Iterative methods; Monitoring; Ports (Computers); Risk management; Security (ID#: 15-6654)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6838250&isnumber=6838210

Wenmin Xiao; Jianhua Sun; Hao Chen; Xianghua Xu, “Preventing Client Side XSS with Rewrite Based Dynamic Information Flow,” Parallel Architectures, Algorithms and Programming (PAAP), 2014 Sixth International Symposium on, vol. no., pp. 238, 243, 13-15 July 2014. doi:10.1109/PAAP.2014.10
Abstract: This paper presents the design and implementation of an information flow tracking framework based on code rewrite to prevent sensitive information leaks in browsers, combining the ideas of taint and information flow analysis. Our system has two main processes. First, it abstracts the semantic of JavaScript code and converts it to a general form of intermediate representation on the basis of JavaScript abstract syntax tree. Second, the abstract intermediate representation is implemented as a special taint engine to analyze tainted information flow. Our approach can ensure fine-grained isolation for both confidentiality and integrity of information. We have implemented a proof-of-concept prototype, named JSTFlow, and have deployed it as a browser proxy to rewrite web applications at runtime. The experiment results show that JSTFlow can guarantee the security of sensitive data and detect XSS attacks with about 3x performance overhead. Because it does not involve any modifications to the target system, our system is readily deployable in practice.
Keywords: Internet; Java; data flow analysis; online front-ends; security of data; JSTFlow; JavaScript abstract syntax tree; JavaScript code; Web applications; XSS attacks; abstract intermediate representation; browser proxy; browsers; client side XSS; code rewrite; fine-grained isolation; information flow tracking framework; performance overhead; rewrite based dynamic information flow; sensitive information leaks; taint engine; tainted information flow; Abstracts; Browsers; Data models; Engines; Security; Semantics; Syntactics; JavaScript; cross-site scripting; information flow analysis; information security; taint model (ID#: 15-6655)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6916471&isnumber=6916413

Ki-Jin Eom; Choong-Hyun Choi; Joon-Young Paik; Eun-Sun Cho, “An Efficient Static Taint-Analysis Detecting Exploitable-Points on ARM Binaries,” Reliable Distributed Systems (SRDS), 2014 IEEE 33rd International Symposium on, vol. no., pp. 345, 346, 6-9 Oct. 2014. doi:10.1109/SRDS.2014.66
Abstract: This paper aims to differentiate benign vulnerabilities from those used by cyber-attacks, based on STA (Static TaintAnalysis.) To achieve this goal, the proposed STA determines if a crash is from severe vulnerabilities, after analyzing related exploitable-points in ARM binaries. We envision that the proposed analysis would reduce the complexity of analysis, by making use of CPA (Constant Propagation Analysis) and runtime information of crash points.
Keywords: program diagnostics; security of data; ARM binaries; CPA; STA; benign vulnerabilities; constant propagation analysis; cyber-attacks; exploitable-points detection; runtime information; static taint-analysis; Reliability; ARM binary; IDA Pro plug-in; crash point; data flow analysis; exploitable; reverse engineering; taint Analysis (ID#: 15-6656)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6983415&isnumber=6983362

Alam, S.; Horspool, R.N.; Traore, I., “MARD: A Framework for Metamorphic Malware Analysis and Real-Time Detection,” Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on, vol. no., pp. 480, 489,
13-16 May 2014. doi:10.1109/AINA.2014.59
Abstract: Because of the financial and other gains attached with the growing malware industry, there is a need to automate the process of malware analysis and provide real-time malware detection. To hide a malware, obfuscation techniques are used. One such technique is metamorphism encoding that mutates the dynamic binary code and changes the opcode with every run to avoid detection. This makes malware difficult to detect in real-time and generally requires a behavioral signature for detection. In this paper we present a new framework called MARD for Metamorphic Malware Analysis and Real-Time Detection, to protect the end points that are often the last defense, against metamorphic malware. MARD provides: (1) automation (2) platform independence (3) optimizations for real-time performance and (4) modularity. We also present a comparison of MARD with other such recent efforts. Experimental evaluation of MARD achieves a detection rate of 99.6% and a false positive rate of 4%.
Keywords: binary codes; digital signatures; encoding; invasive software; real-time systems; MARD; behavioral signature; dynamic binary code; malware analysis process automation; malware industry; metamorphic malware analysis and real-time detection; metamorphism encoding; obfuscation techniques; opcode; Malware; Optimization; Pattern matching; Postal services; Real-time systems; Runtime; Software; Automation; Control Flow Analysis; End Point Security; Malware Analysis and Detection; Metamorphism (ID#: 15-6657)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6838703&isnumber=6838626

Buiras, P.; Stefan, D.; Russo, A., “On Dynamic Flow-Sensitive Floating-Label Systems,” Computer Security Foundations Symposium (CSF), 2014 IEEE 27th, vol. no., pp. 65, 79, 19-22 July 2014. doi:10.1109/CSF.2014.13
Abstract: Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable security labels, i.e., labels that can change over the course of the computation. This feature is often used to boost the permissiveness of the IFC monitor, by rejecting fewer programs, and to reduce the burden of explicit label annotations. However, when added naively, in a purely dynamic setting, mutable labels can expose a high bandwidth covert channel. In this work, we present an extension for LIO-a language-based floating-label system-that safely handles flow-sensitive references. The key insight to safely manipulating the label of a reference is to not only consider the label on the data stored in the reference, i.e., the reference label, but also the label on the reference label itself. Taking this into consideration, we provide an upgrade primitive that can be used to change the label of a reference in a safe manner. To eliminate the burden of determining when a reference should be upgraded, we additionally provide a mechanism for automatic upgrades. Our approach naturally extends to a concurrent setting, not previously considered by dynamic flow-sensitive systems. For both our sequential and concurrent calculi, we prove non-interference by embedding the flow-sensitive system into the flow-insensitive LIO calculus, a surprising result on its own.
Keywords: data structures; security of data; IFC; LIO language; concurrent calculus; data structures; dynamic flow-sensitive floating-label systems; flow-sensitive analysis; flow-sensitive reference handling; information flow control; security labels; sequential calculus; Calculus; Context; Monitoring; Security; Semantics; Standards; Syntactics; Flow-sensitivity analysis; Haskell; concurrency; dynamic monitors; floating-label systems (ID#: 15-6658)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6957103&isnumber=6957090

Jinxin Ma; Guowei Dong; Puhan Zhang; Tao Guo, “SymWalker: Symbolic Execution in Routines of Binary Code,” Computational Intelligence and Security (CIS), 2014 Tenth International Conference on, vol. no., pp. 694, 698, 15-16 Nov. 2014. doi:10.1109/CIS.2014.16
Abstract: Detecting vulnerabilities in binary codes is one of the most difficult problems due to the lack of type information and symbols. We propose a novel tool to perform symbolic execution inside the routines of binary codes, providing easy static analysis for vulnerability detection. Compared with existing systems, our tool has four properties: first, it could work on binary codes without source codes, second, it employs the VEX language for program analysis, thus having no side effects, third, it could deliver high coverage by statically executing on control flow graphs of disassembly codes, fourth, two security property rules are summarized to detect the corresponding vulnerabilities, based on which a convenient interface is provided for developers to detecting vulnerabilities, such as buffer overflow, improper memory access, and etc. Experimental results on real software binary files show that our tool could efficiently detect different types of vulnerabilities.
Keywords: binary codes; flow graphs; program diagnostics; programming languages; symbol manipulation; SymWalker; VEX language; binary code routines; binary code vulnerability detection; control flow graphs; disassembly codes; program analysis; security property rules; software binary files; source codes; static analysis; symbolic execution; Binary codes; Computer bugs; Computer languages; Computers; Registers; Security; Software; Symbolic execution; control flow analysis; security property; vulnerabilities (ID#: 15-6659)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7016986&isnumber=7016831

Junhyoung Kim; TaeGuen Kim; Eul Gyu Im, “Survey of Dynamic Taint Analysis,” Network Infrastructure and Digital Content
(IC-NIDC), 2014 4th IEEE International Conference on, vol. no., pp. 269, 272, 19-21 Sept. 2014. doi:10.1109/ICNIDC.2014.7000307
Abstract: Dynamic taint analysis (DTA) is to analyze execution paths that an attacker may use to exploit a system. Dynamic taint analysis is a method to analyze executable files by tracing information flow without source code. DTA marks certain inputs to program as tainted, and then propagates values operated with tainted inputs. Due to the increased popularity of dynamic taint analysis, there have been a few recent research approaches to provide a generalized tainting infrastructure. In this paper, we introduce some approaches of dynamic taint analysis, and analyze their approaches. Lam and Chiueh's approach proposed a method that instruments code to perform taint marking and propagation. DYTAN considers three dimensions: taint source, propagation policies, taint sink. These dimensions make DYTAN to be more general framework for dynamic taint analysis. DTA++ proposes an idea to vanilla dynamic taint analysis that propagates additional taints along with targeted control dependencies. Control dependency causes results of taint analysis to have decreased accuracies. To improve accuracies, DTA++ showed that data transformation containing implicit flows should propagate properly to avoid under-tainting.
Keywords: data flow analysis; security of data; system monitoring; DTA++; DYTAN; attacker; control dependency; data transformation; dynamic taint analysis; executable files; execution paths; generalized tainting infrastructure; information flow tracing; propagation policies; taint marking; taint propagation; taint sink; taint source; Accuracy; Computer security; Instruments; Performance analysis; Software; Testing; dynamic taint analysis (ID#: 15-6660)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7000307&isnumber=7000253

Siyuan Jiang; Santelices, R.; Haipeng Cai; Grechanik, M., “How Accurate Is Dynamic Program Slicing? An Empirical Approach to Compute Accuracy Bounds,” Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on, vol. no., pp. 3, 4, June 30 2014–July 2 2014. doi:10.1109/SERE-C.2014.14
Abstract: Dynamic program slicing attempts to find runtime dependencies among statements to support security, reliability, and quality tasks such as information-flow analysis, testing, and debugging. However, it is not known how accurately dynamic slices identify statements that really affect each other. We propose a new approach to estimate the accuracy of dynamic slices. We use this approach to obtain bounds on the accuracy of multiple dynamic slices in Java software. Early results suggest that dynamic slices suffer from some imprecision and, more critically, can have a low recall whose upper bound we estimate to be 60% on average.
Keywords: Java; data flow analysis; program debugging; program slicing; program testing; Java software; dynamic program slicing; information-flow analysis; quality tasks; reliability; runtime dependencies; security; software debugging; software testing; Accuracy; Reliability; Runtime; Security; Semantics; Software; Upper bound; dynamic slicing; program slicing; semantic dependence; sensitivity analysis (ID#: 15-6661)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6901632&isnumber=6901618

Yin XiaoHong, “The Research on Data Flow Technology in Computer Network Security Monitoring,” Advanced Research and Technology in Industry Applications (WARTIA), 2014 IEEE Workshop on, vol. no., pp. 787, 789, 29-30 Sept. 2014. doi:10.1109/WARTIA.2014.6976389
Abstract: With the rapid development of computer technology and application of Internet is becoming more and more widely, the Internet plays a more and more important role in people's life. At the same time, all kinds of network security events emerge in endlessly, seriously threaten the application and development of the Internet. With the purpose of safety, network monitoring, have more and more important significance in the maintenance of normal efficiently network run, key facilities, information system security, etc.,. How to realize effective network transmission and efficient online analysis to a huge number of distributed network security monitoring data so as to provide further support for a variety of applications become a major challenge in the field of network security and data processing.
Keywords: Internet; computer network security; data flow analysis; query processing; Internet; computer network security monitoring; data flow technology; distributed network security monitoring; network transmission; Communication networks; Data models; Data processing; Distributed databases; Monitoring; Real-time systems; Security; Cost Efficient Processing; Distributed Data Stream; Multi-query Optimization; Network Security Monitoring; Stream Cube (ID#: 15-6662)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6976389&isnumber=6976172

Li Feng; McMillin, B., “Quantification of Information Flow in a Smart Grid,” Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International, vol. no., pp. 140,145, 21-25 July 2014. doi:10.1109/COMPSACW.2014.27
Abstract: The key to computer security is the notion of information flow. Information flow occurs either explicitly or implicitly in a system. In cyber-physical systems (CPSs), complicated interactions occur frequently between computational components and physical components. Thus, detecting and quantifying information flow in these systems is more difficult than it is in purely cyber systems. In CPSs, failures and attacks are either from the physical infrastructure, or from cyber part of data management and communication protocol, or a combination of both. As the physical infrastructure is inherently observable, aggregated physical observations can lead to unintended cyber information leakage. The computational portion of a CPS is driven by algorithms. Within algorithmic theory, the online problem considers input that arrives one by one and deals with extracting the algorithmic solution through an advice tape without knowing some parts of input. In this paper, a smart grid CPS is examined from an information flow perspective, physical values constitute an advice tape. As such, system confidentiality is violated through cyber to physical information flow. An approach is generalized to quantify the information flow in a CPS.
Keywords: data flow analysis; power engineering computing; security of data; smart power grids; computer security; cyber-physical systems; cyber-to-physical information flow; information flow quantification; smart grid CPS; system confidentiality; Algorithm design and analysis; Entropy; Load management; Observers; Security; Smart grids; Uncertainty; Advice Tape; Information Flow; Online Problem; Quantification (ID#: 15-6663)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903119&isnumber=6903069

Lovat, E.; Kelbert, F., “Structure Matters — A New Approach for Data Flow Tracking,” Security and Privacy Workshops (SPW), 2014 IEEE, vol. no., pp. 39, 43, 17-18 May 2014. doi:10.1109/SPW.2014.15
Abstract: Usage control (UC) is concerned with how data may or may not be used after initial access has been granted. UC requirements are expressed in terms of data (e.g. a picture, a song) which exist within a system in forms of different technical representations (containers, e.g. files, memory locations, windows). A model combining UC enforcement with data flow tracking across containers has been proposed in the literature, but it exhibits a high false positives detection rate. In this paper we propose a refined approach for data flow tracking that mitigates this over approximation problem by leveraging information about the inherent structure of the data being tracked. We propose a formal model and show some exemplary instantiations.
Keywords: data flow analysis; data flow computing; UC enforcement; containers; data access; data flow tracking; false positive detection rate; formal model; information leveraging; inherent data structure; over-approximation problem mitigation; technical representations; usage control; Containers; Data models; Discrete Fourier transforms; Operating systems; Postal services; Security; Semantics; data structure (ID#: 15-6664)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6957282&isnumber=6957265

Hossen, K.; Groz, R.; Oriat, C.; Richier, J.-L., “Automatic Model Inference of Web Applications for Security Testing,” Software Testing, Verification and Validation Workshops (ICSTW), 2014 IEEE Seventh International Conference on, vol. no., pp. 22, 23, March 31 2014–April 4 2014. doi:10.1109/ICSTW.2014.47
Abstract: In the Internet of services (IoS), web applications are the most common way to provide resources to the users. The complexity of these applications grew up with the number of different development techniques and technologies used. Model-based testing (MBT) has proved its efficiency in software testing but retrieving the corresponding model of an application is still a complex task. In this paper, we propose an automatic and vulnerability-driven model inference approach to model the relevant aspects of a web applications by combining deep web crawling and model inference based on input sequences.
Keywords: Internet; data flow analysis; Inference mechanisms; program testing; security of data; Internet of services; IoS; MBT; Web applications; automatic model inference approach; deep Web crawling; input sequences; model-based testing; security testing; software testing; vulnerability-driven model inference approach; Automata; Conferences; Inference algorithms; Machine learning algorithms; Modeling; Security; Testing; Control Flow Inference; Data-Flow Inference; Reverse-Engineering; Security; Web Application (ID#: 15-6665)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825633&isnumber=6825623

Tsigkanos, C.; Pasquale, L.; Menghi, C.; Ghezzi, C.; Nuseibeh, B., “Engineering Topology Aware Adaptive Security: Preventing Requirements Violations at Runtime,” Requirements Engineering Conference (RE), 2014 IEEE 22nd International, vol. no., pp. 203, 212, 25-29 Aug. 2014. doi:10.1109/RE.2014.6912262
Abstract: Adaptive security systems aim to protect critical assets in the face of changes in their operational environment. We have argued that incorporating an explicit representation of the environment's topology enables reasoning on the location of assets being protected and the proximity of potentially harmful agents. This paper proposes to engineer topology aware adaptive security systems by identifying violations of security requirements that may be caused by topological changes, and selecting a set of security controls that prevent such violations. Our approach focuses on physical topologies; it maintains at runtime a live representation of the topology which is updated when assets or agents move, or when the structure of the physical space is altered. When the topology changes, we look ahead at a subset of the future system states. These states are reachable when the agents move within the physical space. If security requirements can be violated in future system states, a configuration of security controls is proactively applied to prevent the system from reaching those states. Thus, the system continuously adapts to topological stimuli, while maintaining requirements satisfaction. Security requirements are formally expressed using a propositional temporal logic, encoding spatial properties in Computation Tree Logic (CTL). The Ambient Calculus is used to represent the topology of the operational environment — including location of assets and agents — as well as to identify future system states that are reachable from the current one. The approach is demonstrated and evaluated using a substantive example concerned with physical access control.
Keywords: authorisation; data flow analysis; formal specification; temporal logic; access control; adaptive security systems; ambient calculus; computation tree logic; encoding spatial properties; potentially harmful agents; propositional temporal logic; requirements violation prevention; security controls; security requirements; topology aware adaptive security engineering; Aerospace electronics; Buildings; Calculus; Runtime; Security; Servers; Topology (ID#: 15-6666)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6912262&isnumber=6912234

Zhang Puhan; Wu Jianxiong; Wang Xin; Wu Zehui, “Decrypted Data Detection Algorithm Based on Dynamic Dataflow Analysis,” Computer, Information and Telecommunication Systems (CITS), 2014 International Conference on, vol. no., pp. 1,4, 7-9 July 2014. doi:10.1109/CITS.2014.6878965
Abstract: Cryptographic algorithm detection has received a lot of attentions in these days, whereas the method to detect decrypted data remains further research. A decrypted memory detection method using dynamic dataflow analysis is proposed in this paper. Based on the intuition that decrypted data is generated in the cryptographic function and the unique feature of decrypted data, by analyzing the parameter sets of cryptographic function, we propose a model based on the input and output of cryptographic function. Experimental results demonstrate that our approach can effectively detect decrypted memory.
Keywords: cryptography; data flow analysis; cryptographic algorithm detection; decrypted data; decrypted memory detection method; dynamic dataflow analysis; Algorithm design and analysis; Encryption; Heuristic algorithms; Software; Software algorithms; Cryptographic; Dataflow analysis; Decrypted memory; Taint analysis (ID#: 15-6667)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6878965&isnumber=6878950

Pena, E.H.M.; Barbon, S.; Rodrigues, J.J.P.C.; Lemes Proenca Junior, M., “Anomaly Detection Using Digital Signature of Network Segment with Adaptive ARIMA Model and Paraconsistent Logic,” Computers and Communication (ISCC), 2014 IEEE Symposium on, vol. no., pp. 1, 6, 23-26 June 2014. doi:10.1109/ISCC.2014.6912503
Abstract: Detecting anomalies accurately in network traffic behavior is essential for a variety of network management and security tasks. This paper presents an anomaly detection approach employing Digital Signature of Network Segment using Flow Analysis (DSNSF), generated with an ARIMA model. Also, a functional algorithm based on a non-classical logic called Paraconsistent Logic is proposed aiming to avoid high false alarms rates. The key idea of the proposed approach is to characterize the normal behavior of network traffic and then identify the traffic patterns behavior that might harm networks services. Experimental results on a real network demonstrate the effectiveness the proposed approach. The results are promising, showing that the flow analysis performed is able to detect anomalous traffic with precision, sensitivity and good performance.
Keywords: autoregressive moving average processes; digital signatures; DSNSF; adaptive ARIMA model; anomaly detection; digital signature of network segment using flow analysis; network management; network traffic behavior; paraconsistent logic; traffic patterns behavior; Analytical models; Autoregressive processes; Correlation; Data models; Digital signatures; Equations; Mathematical model (ID#: 15-6668)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6912503&isnumber=6912451

Camacho, J.; Macia-Fernandez, G.; Diaz-Verdejo, J.; Garcia-Teodoro, P., “Tackling the Big Data 4 Vs for Anomaly Detection,” Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on, vol. no., pp. 500, 505,
April 27 2014–May 2 2014. doi:10.1109/INFCOMW.2014.6849282
Abstract: In this paper, a framework for anomaly detection and forensics in Big Data is introduced. The framework tackles the Big Data 4 Vs: Variety, Veracity, Volume and Velocity. The varied nature of the data sources is treated by transforming the typically unstructured data into a highly dimensional and structured data set. To overcome both the uncertainty (low veracity) and high dimension introduced, a latent variable method, in particular Principal Component Analysis (PCA), is applied. PCA is well known to present outstanding capabilities to extract information from highly dimensional data sets. However, PCA is limited to low size, thought highly multivariate, data sets. To handle this limitation, a kernel computation of PCA is employed. This avoids computational problems due to the size (number of observations) in the data sets and allows parallelism. Also, hierarchical models are proposed if dimensionality is extreme. Finally, to handle high velocity in analyzing time series data flows, the Exponentially Weighted Moving Average (EWMA) approach is employed. All these steps are discussed in the paper, and the VAST 2012 mini challenge 2 is used for illustration.
Keywords: Big Data; digital forensics; firewalls; moving average processes; principal component analysis; time series; Big Data 4 Vs; EWMA approach; PCA; anomaly detection; computational problems; data sources; exponentially weighted moving average approach; forensics; hierarchical models; highly-dimensional structured data set; information extraction; kernel computation; latent variable method; parallelism; principal component analysis; time series data flow analysis; uncertainty problem; unstructured data transformation; variety; velocity; veracity; volume; Big data; Computational modeling; Conferences; Data privacy; Data visualization; Principal component analysis; Security (ID#: 15-6669)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6849282&isnumber=6849127

Stevanovic, M.; Pedersen, J.M., “An Efficient Flow-Based Botnet Detection Using Supervised Machine Learning,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol. no., pp. 797, 801, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785439
Abstract: Botnet detection represents one of the most crucial prerequisites of successful botnet neutralization. This paper explores how accurate and timely detection can be achieved by using supervised machine learning as the tool of inferring about malicious botnet traffic. In order to do so, the paper introduces a novel flow-based detection system that relies on supervised machine learning for identifying botnet network traffic. For use in the system we consider eight highly regarded machine learning algorithms, indicating the best performing one. Furthermore, the paper evaluates how much traffic needs to be observed per flow in order to capture the patterns of malicious traffic. The proposed system has been tested through the series of experiments using traffic traces originating from two well-known P2P botnets and diverse non-malicious applications. The results of experiments indicate that the system is able to accurately and timely detect botnet traffic using purely flow-based traffic analysis and supervised machine learning. Additionally, the results show that in order to achieve accurate detection traffic flows need to be monitored for only a limited time period and number of packets per flow. This indicates a strong potential of using the proposed approach within a future on-line detection framework.
Keywords: computer network security; invasive software; learning (artificial intelligence); peer-to-peer computing; telecommunication traffic; P2P botnets; botnet neutralization; flow-based botnet detection; flow-based traffic analysis; malicious botnet network traffic identification; nonmalicious applications; packet flow; supervised machine learning; Accuracy; Bayes methods; Feature extraction; Protocols; Support vector machines; Training; Vegetation; Botnet; Botnet detection; Machine learning; Traffic analysis; Traffic classification (ID#: 15-6670)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6785439&isnumber=6785290

Cui Baojiang; Long Baolian; Hou Tingting, “Reverse Analysis Method of Static XSS Defect Detection Technique Based on Database Query Language,” P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on, vol. no., pp. 487, 491, 8-10 Nov. 2014. doi:10.1109/3PGCIC.2014.99
Abstract: Along with the wide use of web application, XSS vulnerability has become one of the most common security problems and caused many serious losses. In this paper, on the basis of database query language technique, we put forward a static analysis method of XSS defect detection of java web application by analyzing data flow reversely. This method first converts the JSP file to a Servlet file, and then uses the mock test method to generate calls for all Java code automatically for comprehensive analysis. Originated from the methods where XSS security defect may occur, we analyze the data flow reversely to detect XSS defect by judging whether it can be introduced by user input without filter. This reverse method has effectively reduced analyzing tasks which are necessary in forward ways. It was proved by experiments on artificially constructed Java web project with XSS flaws and some open source Java web projects, this method not only improved the efficiency of detection, but also improved the detection accuracy for XSS defect.
Keywords: Internet; Java; query languages; query processing; security of data; JSP file; Java Web application; Servlet file; XSS vulnerability; data flow reverse analysis method; database query language; mock test method; static XSS defect detection technique; Accuracy; Browsers; Context; Databases; Educational institutions; Security; XSS defect; reverse analysis; static analysis; web application (ID#: 15-6671)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7024633&isnumber=7024297

Xin Xie; Fenlin Liu; Bin Lu; Fei Xiang, “Mixed Obfuscation of Overlapping Instruction and Self-Modify Code Based on Hyper-Chaotic Opaque Predicates,” Computational Intelligence and Security (CIS), 2014 Tenth International Conference on, vol. no.,
pp. 524, 528, 15-16 Nov. 2014. doi:10.1109/CIS.2014.45
Abstract: Static disassembly is used to analyze program control flow that is the key process of reverse analysis. Aiming at the problem that attackers are always using static disassembly to analyze control transfer instructions and control flow graph, a mixed obfuscation of overlapping instruction and self-modify code based on hyper-chaotic opaque predicates is proposed, jump offsets in overlapping instructions and data offsets in self-modify code are constructed with opaque predicates. Control transfer instructions are modified into control transfer unrelated ones with the combination of characteristics of overlapping instruction and self-modify code. Experiments and analysis show that control flow graph can be obfuscated by mixed obfuscation due to the difficulty of hyper-chaotic opaque predicates for attackers to analyze.
Keywords: program control structures; safety-critical software; software engineering; code obfuscation; control flow graph; control transfer instructions; hyper-chaotic opaque predicates; program control flow analyze; reverse analysis; self-modify code; Chaos; Flow graphs; Resistance; Resists; Software; Watermarking; code obfuscation; hyper-chaotic opaque predicate; overlapping instruction; self-modify code (ID#: 15-6672)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7016951&isnumber=7016831

Ippoliti, D.; Xiaobo Zhou, “Online Adaptive Anomaly Detection for Augmented Network Flows,” Modelling, Analysis & Simulation of Computer and Telecommunication Systems (MASCOTS), 2014 IEEE 22nd International Symposium on, vol. no.,
pp. 433, 442, 9-11 Sept. 2014. doi:10.1109/MASCOTS.2014.60
Abstract: Traditional network anomaly detection involves developing models that rely on packet inspection. Increasing network speeds and use of encrypted protocols make per-packet inspection unsuited for today's networks. One method of overcoming this obstacle is flow based analysis. Many existing approaches are special purpose, i.e., limited to detecting specific behavior. Also, the data reduction inherent in identifying anomalous flows hinders alert correlation. In this paper we propose a dynamic anomaly detection approach for augmented flows. We sketch network state during flow creation enabling general purpose threat detection. We design and develop a support vector machine based adaptive anomaly detection and correlation mechanism capable of aggregating alerts without a-priori alert classification and evolving models online. We develop a confidence forwarding mechanism identifying a small percentage predictions for additional processing. We show effectiveness of our methods on both enterprise and backbone traces. Experimental results demonstrate the ability to maintain high accuracy without the need for offline training.
Keywords: computer network security; support vector machines; alert aggregation; alert correlation; anomalous flow identification; augmented flows; augmented network flows; backbone traces; confidence forwarding mechanism; data reduction; dynamic anomaly detection approach; enterprise traces; flow based analysis; flow creation; general purpose threat detection; network anomaly detection; network state; online adaptive anomaly detection; packet inspection; support vector machine based adaptive anomaly detection mechanism; support vector machine based adaptive correlation mechanism; Adaptation models; Correlation; Detectors; Inspection; Support vector machines; Training; Vectors (ID#: 15-6673)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7033682&isnumber=7033621

Sen, S.; Guha, S.; Datta, A.; Rajamani, S.K.; Tsai, J.; Wing, J.M., “Bootstrapping Privacy Compliance in Big Data Systems,” Security and Privacy (SP), 2014 IEEE Symposium on, vol. no., pp. 327, 342, 18-21 May 2014. doi:10.1109/SP.2014.28
Abstract: With the rapid increase in cloud services collecting and using user data to offer personalized experiences, ensuring that these services comply with their privacy policies has become a business imperative for building user trust. However, most compliance efforts in industry today rely on manual review processes and audits designed to safeguard user data, and therefore are resource intensive and lack coverage. In this paper, we present our experience building and operating a system to automate privacy policy compliance checking in Bing. Central to the design of the system are (a) Legal ease-a language that allows specification of privacy policies that impose restrictions on how user data is handled, and (b) Grok-a data inventory for Map-Reduce-like big data systems that tracks how user data flows among programs. Grok maps code-level schema elements to data types in Legal ease, in essence, annotating existing programs with information flow types with minimal human input. Compliance checking is thus reduced to information flow analysis of Big Data systems. The system, bootstrapped by a small team, checks compliance daily of millions of lines of ever-changing source code written by several thousand developers.
Keywords: Big Data; Web services; cloud computing; computer bootstrapping; conformance testing; data privacy; parallel programming; search engines; source code (software); Bing; Grok data inventory; Legal ease language; Map-Reduce-like Big Data systems; automatic privacy policy compliance checking; business imperative privacy policies; cloud services; code-level schema element mapping; datatypes; information flow types; minimal human input; personalized user experiences; privacy compliance bootstrapping; privacy policy specification; program annotation; source code; user data handling; user trust; Advertising; Big data; Data privacy; IP networks; Lattices; Privacy; Semantics; big data; bing; compliance; information flow; policy; privacy; program analysis (ID#: 15-6674)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956573&isnumber=6956545
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Location Privacy—Authentication Approaches, 2014

 

	Location Privacy—Authentication Approaches 2014

Location-based services have proven popular both with end users and with distributed systems operators. The research presented here looks at protecting privacy on these systems using authentication-based methods. The work was published in 2014.

---

Yingjie Chen; Wei Wang; Qian Zhang, “Privacy-Preserving Location Authentication in WiFi with Fine-Grained Physical Layer Information,” Global Communications Conference (GLOBECOM), 2014 IEEE, vol., no., pp. 4827, 4832, 8-12 Dec. 2014. doi:10.1109/GLOCOM.2014.7037570
Abstract: The surging deployment of WiFi hotspots in public places drives the blossoming of location-based services (LBSs) available. A recent measurement reveals that a large portion of the reported locations are either forged or superfluous, which calls attention to location authentication. However, existing authentication approaches breach user's location privacy, which is of wide concern of both individuals and governments. In this paper, we propose PriLA, a privacy-preserving location authentication protocol that facilitates location authentication without compromising user's location privacy in WiFi networks. PriLA exploits physical layer information, namely carrier frequency offset (CFO) and multipath profile, from user's frames. In particular, PriLA leverages CFO to secure wireless transmission between the mobile user and the access point (AP), and meanwhile authenticate the reported locations without leaking the exact location information based on the coarse-grained location proximity being extracted from user's multipath profile. Existing privacy preservation techniques on upper layers can be applied on top of PriLA to enable various applications. We have implemented PriLa on GNURadio/USRP platform and off-the-shelf Intel 5300 NIC. The experimental results demonstrate the practicality of CFO injection and accuracy of multipath profile based location authentication in a real-world environment.
Keywords: computer crime; computer network security; cryptographic protocols; mobile radio; wireless LAN; AP; CFO injection; GNUradio platform; LBS; PriLA; USRP platform; Wi-Fi hotspot; access point; carrier frequency offset; coarse-grained location proximity; fine-grained physical layer information; location forgery; location superfluousness; location-based service; mobile user location privacy; multipath profile; off-the-shelf Intel 5300 NIC; privacy preservation technique; privacy-preserving location authentication protocol; secure wireless transmission; Authentication; Encryption; IEEE 802.11 Standards; Mobile communication; OFDM; Privacy; Wireless communication (ID#: 15-6400)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7037570&isnumber=7036769

Hussain, M., “An Authentication Scheme to Protect the Location Privacy of Femtocell Users,” Computer Systems and Applications (AICCSA), 2014 IEEE/ACS 11th International Conference on, vol., no., pp. 652, 657, 10-13 Nov. 2014. doi:10.1109/AICCSA.2014.7073261
Abstract: Femtocells are small cellular base-stations, suitable for residential units or business offices. Femtocells are cost-effective solution for areas where deploying traditional base-stations is costly. Femtocells inherits security and privacy threats of GSM, and UMTS networks such as location privacy and tracking. These threats are even more severe, since the deployment of femtocells, which covers areas as small as an office, allows for an unprecedented tracking of mobile users location. This paper presents an authentication scheme, which allows a mobile user to use an open femtocell, while making it hard for its mobile operator to know the exact location of that mobile user. The scheme complements the privacy protection of UMTS. Further, the scheme enables mobile operators to reward owners of open femtocells. The paper discusses the security of the presented scheme. The simulation of the authentication scheme shows the feasibility of our work.
Keywords: 3G mobile communication; data protection; femtocellular radio; mobility management (mobile radio); telecommunication security; GSM network security; UMTS network; authentication scheme; cellular base station; cost-effective solution; femtocell user; location privacy protection; mobile operator; mobile user location tracking; 3G mobile communication; Authentication; Cryptography; Femtocells; Privacy; femtocell security; femtocells; location privacy (ID#: 15-6401)
URL:  http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7073261&isnumber=7073167

Saracino, A.; Sgandurra, D.; Spagnuelo, D., “Addressing Privacy Issues in Location-Based Collaborative and Distributed Environments,” Collaboration Technologies and Systems (CTS), 2014 International Conference on, vol., no., pp. 166, 172, 19-23 May 2014. doi:10.1109/CTS.2014.6867560
Abstract: In the past few years collaborative environments have been growing fast thanks to the ubiquitousness of smartphones and to their rich features. These devices are nowadays very sophisticated by being able to receive GPS signal, communicate with other devices through mobile network, and to analyze several different kinds of data received with their sensors. In some collaborative environments, users need to access the correct geo-location, for example when they collaboratively contribute to build a collection of data about specific objects, such as for traffic news. On other hand, sharing the exact location may imply violations to the user privacy. In this paper we discuss the importance of the correct location in collaborative environments and we address the problem of privacy for users and show how current solutions, which aim to preserve the user privacy, can interfere with the correct behavior of some applications. We also propose a novel approach to provide the correct location to the collaborative network only when this is needed, which preserves the user privacy.
Keywords: data privacy; groupware; mobile computing; smart phones; GPS signal; Global Positioning System; collaborative environment; data collection; distributed environment; location-based collaborative environment; privacy issues; smart phones; user privacy; Authentication; Collaboration; Privacy; Sensors; Smart phones; Software; Android; location; mobile system; privacy (ID#: 15-6402)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6867560&isnumber=6867522

Hui-Feng Huang; Po-Kai Yu; Kuo-Ching Liu, “A Privacy and Authentication Protocol for Mobile RFID System,” Independent Computing (ISIC), 2014 IEEE International Symposium on, vol., no., pp. 1, 6, 9-12 Dec. 2014. doi:10.1109/INDCOMP.2014.7011754
Abstract: Since information communication via radio transmission can be easily eavesdropped, therefore, many radio frequency identification (RFID) security mechanisms for location privacy protection have been proposed recently. However, most of previously proposed schemes do not conform to the EPC Class-1 GEN-2 standard for passive RFID tags as they require the implementation of hash functions on the tags. In 2013, Doss et al. proposed the mutual authentication for the tag, the reader, and the back-end server in the RFID system. Their scheme is the first quadratic residues based to achieve compliance to EPC Class-1 GEN-2 specification and the security of the server-reader channel may not be guaranteed. However, this article will show that the computational requirements and bandwidth consumption are quite demanding in Doss et al.'s scheme. To improve Doss et al.'s protocol, this article proposes a new efficient RFID system where both the tag-reader channel and the reader-server channel are insecure. The proposed method is not only satisfies all the security requirements for the reader and the tag but also achieve compliance to EPC Class-1 GEN-2 specifications. Moreover, the proposed scheme can be used in a large-scale RFID system.
Keywords: cryptographic protocols; data privacy; radiofrequency identification; Doss protocol; EPC Class-1 GEN-2 standard; authentication protocol; back-end server; bandwidth consumption; computational requirement; hash functions; mobile RFID system; mutual authentication; passive RFID tags; privacy protocol; server-reader channel; Authentication; Databases; Generators; Privacy; Radiofrequency identification; Servers; Location privacy Introduction; Mutual authentication; RFID (ID#: 15-6403)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011754&isnumber=7011735

Guo Yunchuan; Yin Lihua; Liu Licai; Fang Binxing, “Utility-Based Cooperative Decision in Cooperative Authentication,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 1006, 1014, April 27 2014–May 2 2014. doi:10.1109/INFOCOM.2014.6848030
Abstract: In mobile networks, cooperative authentication is an efficient way to recognize false identities and messages. However, an attacker can track the location of cooperative mobile nodes by monitoring their communications. Moreover, mobile nodes consume their own resources when cooperating with other nodes in the process of authentication. These two factors cause selfish mobile nodes not to actively participate in authentication. In this paper, a bargaining-based game for cooperative authentication is proposed to help nodes decide whether to participate in authentication or not, and our strategy guarantees that mobile nodes participating in cooperative authentication can obtain the maximum utility, all at an acceptable cost. We obtain Nash equilibrium in static complete information games. To address the problem of nodes not knowing the utility of other nodes, incomplete information games for cooperative authentication are established. We also develop an algorithm based on incomplete information games to maximize every node's utility. The simulation results demonstrate that our strategy has the ability to guarantee authentication probability and increase the number of successful authentications.
Keywords: game theory; mobile ad hoc networks; probability; telecommunication security; MANET; Nash equilibrium; authentication probability; authentication process; cooperative authentication; cooperative mobile nodes; information games; mobile ad hoc network; mobile networks; mobile nodes; utility based cooperative decision; Bismuth; Computers; Conferences; High definition video; Human computer interaction; Cooperative authentication; games; location privacy (ID#: 15-6404)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6848030&isnumber=6847911

Rongxing Lu; Xiaodong Lin; Zhiguo Shi; Jun Shao, “PLAM: A Privacy-Preserving Framework for Local-Area Mobile Social Networks,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 763, 771, April 27 2014–May 2 2014. doi:10.1109/INFOCOM.2014.6848003
Abstract: In this paper, we propose a privacy-preserving framework, called PLAM, for local-area mobile social networks. The proposed PLAM framework employs a privacy-preserving request aggregation protocol with k-Anonymity and l-Diversity properties while without involving a trusted anonymizer server to keep user preference privacy when querying location-based service (LBS), and integrates unlinkable pseudo-ID technique to achieve user identity privacy, location privacy. Moreover, the proposed PLAM framework also introduces the privacy-preserving and verifiable polynomial computation to keep LBS provider's functions private while preventing the provider from cheating in computation. Detailed security analysis shows that the proposed PLAM framework can not only achieve desirable privacy requirements but also resist outside attacks on source authentication, data integrity and availability. In addition, extensive simulations are also conducted, and simulation results guide us on how to set proper thresholds for k-anonymity, l-diversity to make a tradeoff between the desirable user preference privacy level and the request delay in different scenarios.
Keywords: cryptography; data integrity; data privacy; local area networks; mobile computing; polynomials; protocols; social networking (online); trusted computing; LBS; LBS provider functions; PLAM framework; data availability; data integrity; k-anonymity; l-diversity; local-area mobile social networks; location privacy; location-based service; privacy-preserving request aggregation protocol; request delay; security analysis; source authentication; trusted anonymizer server; unlinkable pseudo-ID technique; user identity privacy; user preference privacy level; verifiable polynomial computation; Data privacy; Mobile communication; Mobile computing; Polynomials; Privacy; Protocols; Security; Privacy-preserving; location-based services; mobile social network; preference privacy (ID#: 15-6405)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6848003&isnumber=6847911

Sam, M.M.; Vijayashanthi, N.; Sundhari, A., “An Efficient Pseudonymous Generation Scheme with Privacy Preservation for Vehicular Communication,” Intelligent Computing Applications (ICICA), 2014 International Conference on, vol., no., pp. 109, 117, 6-7 March 2014. doi:10.1109/ICICA.2014.32
Abstract: Vehicular Ad-Hoc Network (VANET) communication has recently become an increasingly popular research topic in the area of wireless networking as well as the automotive industries. The goal of VANET research is to develop a vehicular communication system to enable quick and costefficient distribution of data for the benefit of passengers safety and comfort. But location privacy in vanet is still an imperative issue. To overcome this privacy, a popular approach that is recommended in vanet is that vehicles periodically change their pseudonyms when they broadcast safety messages. An Effective pseudonym changing at proper location(e.g., a road intersection when the traffic light turns red or a free parking lot near a shopping mall) (PCP) strategy to achieve the provable location privacy. In addition, we use Bilinear Pairing for self-delegated key generation. Current threat model primarily considers that an adversary can track a vehicle that can utilize more character factors to track a vehicle and to explore new location-privacy-enhanced techniques under such a stronger threat model.
 Keywords: telecommunication security; vehicular ad hoc networks; VANET communication; VANET research; bilinear pairing; effective pseudonym changing; location-privacy-enhanced techniques; privacy preservation; pseudonymous generation scheme; road intersection; self-delegated key generation; vehicular ad-hoc network; vehicular communication; vehicular communication system; wireless networking; Analytical models; Authentication; Privacy; Roads; Safety; Vehicles; Vehicular ad hoc networks; Group- Signature-Based (GSB); Pseudonym Changing at Proper Location (PCP); RoadSide Units (RSUs); Trusted Authority (TA) (ID#: 15-6406)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6965022&isnumber=6964987

Liu Licai; Yin Lihua; Guo Yunchuan; Fang Bingxing, “Bargaining-Based Dynamic Decision for Cooperative Authentication in MANETs,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 212, 220, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.32
Abstract: In MANETs, cooperative authentication, requiring cooperation of neighbor nodes, is a significant authenticate technique. However, when nodes participate in cooperation, their location may easily be tracked by misbehaving nodes, meanwhile, their resources will be consumed. These two factors lead selfish nodes reluctant participate in cooperation and decrease the probability of correct authentication. To encourage nodes to take part in cooperation, we proposed a bargaining-based dynamic game model for cooperative authentication to analyze dynamic behaviors of nodes and help nodes decide whether to participate in cooperation or not. Further, to analyze the dynamic decision-making of nodes, we discussed two situations — complete information and incomplete information, respectively. Under complete information, Sub game Perfect Nash Equilibriums are obtained to guide nodes to choose its optimal strategy to maximize its utility. In reality, nodes often do not have good knowledge about others’ utility (this case is often called incomplete information). To dealt with this case, Perfect Bayesian Nash Equilibrium is established to eliminate the implausible Equilibriums. Based on the model, we designed two algorithms for complete information and incomplete information, and the simulation results demonstrate that in our model nodes participating in cooperation will maximize their location privacy and minimize their resources consumption with ensuing the probability of correct authentication. Both of algorithms can improve the success rate of cooperative authentication and extend the network lifetime to 160%-360.6%.
Keywords: cooperative communication; decision making; game theory; message authentication; mobile ad hoc networks; probability; telecommunication security; MANET; bargaining-based dynamic decision; bargaining-based dynamic game model; cooperative authentication; dynamic decision-making; location privacy; mobile ad hoc networks; network lifetime; perfect Bayesian Nash equilibrium; resources consumption; subgame perfect Nash equilibriums; Ad hoc networks; Authentication; Games; Mobile computing; Principal component analysis; Privacy; Vehicle dynamics; Cooperative Authentication; Dynamic Game; Incentive Strategy; MANET (ID#: 15-6407)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011253&isnumber=7011202

Kounelis, I.; Muftic, S.; Loschner, J., “Secure and Privacy-Enhanced E-Mail System Based on the Concept of Proxies,” Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014 37th International Convention on, vol., no., pp. 1405, 1410, 26-30 May 2014. doi:10.1109/MIPRO.2014.6859787
Abstract: Security and privacy on the Internet and especially the e-mail, is becoming more and more important and crucial for the user. The requirements for the protection of e-mail include issues like tracking and privacy intrusions by hackers and commercial advertisers, intrusions by casual observers, and even spying by government agencies. In an expanding email use in the digital world, Internet and mobile, the quantity and sensitivity of personal information has also tremendously expanded. Therefore, protection of data and transactions and privacy of user information is key and of interest for many users. Based on such motives, in this paper we present the design and current implementation of our secure and privacy-enhanced e-mail system. The system provides protection of e-mails, privacy of locations from which the e-mail system is accessed, and authentication of legitimate users. Differently from existing standard approaches, which are based on adding security extensions to e-mail clients, our system is based on the concept of proxy servers that provide security and privacy of users and their e-mails. It uses all required standards: S/MIME for formatting of secure letters, strong cryptographic algorithms, PKI protocols and certificates. We already have the first implementation and an instance of the system is very easy to install and to use.
Keywords: Internet; cryptographic protocols; data privacy; electronic mail; public key cryptography; Internet; PKI protocols; S-MIME; casual observers; commercial advertisers; cryptographic algorithms; digital world; government agencies; legitimate user authentication; locations privacy; privacy intrusions; privacy-enhanced e-mail system; proxy concept; secure letters; security extensions; tracking intrusions; user information privacy; Cryptography; Electronic mail; Postal services; Privacy; Servers; Standards; E-mail; PKI; Proxy Server; S/MIME; X.509 certificates (ID#: 15-6408)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6859787&isnumber=6859515

Hongyang Li; Dan, G.; Nahrstedt, K., “Portunes: Privacy-Preserving Fast Authentication for Dynamic Electric Vehicle Charging,” Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, vol., no., pp. 920, 925, 3-6 Nov. 2014. doi:10.1109/SmartGridComm.2014.7007766
Abstract: Dynamic contactless charging is an emerging technology for charging electric vehicles (EV) on the move. For efficient charging and for proper billing, dynamic charging requires secure communication between the charging infrastructure and the EVs that supports very frequent real-time message exchange for EV authentication. In this paper we propose Portunes, an authentication protocol for charging pads to authenticate an EV’s identity. Portunes uses pseudonyms to provide location privacy, allows EVs to roam between different charging sections and receive a single bill, and achieves fast authentication by relying on symmetric keys and on the spatio-temporal location of the EV. We have implemented Portunes on RaspberryPi Model B with 700 MHz CPU and 512 MB RAM. Portunes allows the EV to generate authentication information within 0.3 ms, and allows charging pads to verify the information within 0.5 ms. In comparison, ECDSA signature generation and verification take over 25 ms and over 40 ms respectively.
Keywords: battery powered vehicles; message authentication; power engineering computing; EV authentication; Portunes; RaspberryPi Model B; dynamic contactless charging; dynamic electric vehicle charging; privacy-preserving fast authentication; Authentication; Public key; Roads; Switches; Synchronization; Wireless communication (ID#: 15-6409)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7007766&isnumber=7007609

Li Li; Jun Pang; Yang Liu; Jun Sun; Jin Song Dong, “Symbolic Analysis of an Electric Vehicle Charging Protocol,” Engineering of Complex Computer Systems (ICECCS), 2014 19th International Conference on, vol., no., pp. 11, 18, 4-7 Aug. 2014. doi:10.1109/ICECCS.2014.11
Abstract: In this paper, we describe our analysis of a recently proposed electric vehicle charing protocol. The protocol builds on complicated cryptographic primitives such as commitment, zero-knowledge proofs, BBS+ signature and etc. Moreover, interesting properties such as secrecy, authentication, anonymity, and location privacy are claimed on this protocol. It thus presents a challenge for formal verification, as existing tools for security protocol analysis lack support for all the required features. In our analysis, we employ and combine the strength of two state-of-the-art symbolic verifiers, Tamarin and Prove if, to check all important properties of the protocol.
Keywords: cryptographic protocols; electric vehicles; electrical engineering computing; formal verification; electric vehicle charging protocol; security protocol analysis; symbolic analysis; Authentication; Cryptography; Educational institutions; Electric vehicles; Privacy; Protocols; anonymity location; authentication; privacy; secrecy; symbolic verification (ID#: 15-6410)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6923113&isnumber=6923102

Khatkar, M.; Phogat, N.; Kumar, B., “Reliable Data Transmission In Anonymous Location Aided Routing in MANET By Preventing Replay Attack,” Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2014 3rd International Conference on, vol., no., pp. 1, 6, 8-10 Oct. 2014. doi:10.1109/ICRITO.2014.7014731
Abstract: Privacy and security are major issues in MANET, especially when used in sensitive areas. Secure routing protocols have been developed/proposed by researchers to provide security and privacy at various levels. ALARM protocol (Anonymous Location Aided Routing in MANET) provides both privacy and security features including confidentiality, authentication and authorization. Location based routing is based on some assumptions in MANET ie location of the mobile nodes (using GPS), Time Clock of mobile nodes are loosely synchronized, mobility and Nodes has uniform transmission range. In the current work an effort has been done to review the ALARM protocol and identify some of the security problems in MANET. Further the work suggests a mechanism to prevent malicious activity (replay attack) in MANET using monitoring method.
Keywords: data privacy; mobile ad hoc networks; routing protocols; synchronisation; telecommunication network reliability; telecommunication security; ALARM protocol; GPS; MANET; anonymous location aided routing protocol; data transmission reliability; malicious activity prevention; privacy feature; replay attack prevention; security feature; time clock synchronization; Authentication; Mobile ad hoc networks; Monitoring; Protocols; Routing; Synchronization; Alarm Protocol; Monitoring; Prevention; Replay attack (ID#: 15-6411)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7014731&isnumber=7014644

Mustafa, M.A.; Ning Zhang; Kalogridis, G.; Zhong Fan, “Roaming Electric Vehicle Charging and Billing: An Anonymous Multi-User Protocol,” Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, vol., no., pp. 939, 945, 3-6 Nov. 2014. doi:10.1109/SmartGridComm.2014.7007769
Abstract: In this paper, we propose a secure roaming electric vehicle (EV) charging protocol that helps preserve users’ privacy. During a charging session, a roaming EV user uses a pseudonym of the EV (known only to the user’s contracted supplier) which is anonymously signed by the user’s private key. This protocol protects the user’s identity privacy from other suppliers as well as the user’s privacy of location from its own supplier. Further, it allows the user’s contracted supplier to authenticate the EV and the user. Using two-factor authentication approach a multiuser EV charging is supported and different legitimate EV users (e.g. family members) can be held accountable for their charging sessions. With each charging session, the EV uses a different pseudonym which prevents adversaries from linking the different charging sessions of the EV. On an application level, our protocol supports fair user billing, i.e. each user pays only for his/her own energy consumption, and an open EV marketplace in which EV users can safely choose among different remote host suppliers.
Keywords: cryptographic protocols; data privacy; electric vehicles; power consumption; private key cryptography; secondary cells; anonymous multiuser protocol; charging protocol; charging sessions; contracted supplier; electric vehicle billing; electric vehicle charging; energy consumption; fair user billing; multiuser EV charging; private key protocol; remote host suppliers; secure roaming electric vehicle; two-factor authentication; user identity privacy; Conferences; Electricity; Privacy; Protocols; Public key; Smart grids (ID#: 15-6412)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7007769&isnumber=7007609

Sathyasundary, P.; Chandrasekar, R., “Privacy and Integrity in Spatial Queries by Using Voronoi Neighbors,” Advanced Communication Control and Computing Technologies (ICACCCT), 2014 International Conference on, vol., no., pp. 1226, 1230, 8-10 May 2014. doi:10.1109/ICACCCT.2014.7019294
Abstract: Advances in network technologies and continuous growth of the Internet have triggered a new trend towards outsourcing data management need Service Providers. Outsourcing spatial database includes third party Service Providers which has attracted much attention from the individual and business data owners. With the popularity of mobile devices, it provides immediate and reliable location based information to smart phones. Hence the spatial information is delivered to real world users such as mobile users, therefore ensuring spatial integrity in OSDB becomes critical. To overcome this problem, Voronoi Neighbor Authentication (VN - Auth) technique is used, which utilizes the Voronoi diagram to prove the integrity of query result for the kNN query. Spatial query processing in spatial database attempts to extract specific geometric relations among spatial objects. The Service Provider verifies correctness and completeness of user query through which neighborhood information of Voronoi diagram. However the privacy of user location is not achieved in this paper. To avoid this drawback, it is proposed to apply Privacy aware LBS technique under the Voronoi Neighbor concept.
Keywords: computational geometry; data integrity; data privacy; mobile computing; outsourcing; query processing; smart phones; visual databases; Internet; OSDB; VN auth-technique; Voronoi diagram; Voronoi neighbor authentication technique; kNN query; mobile devices; neighborhood information; network technologies; outsourcing data management; outsourcing spatial database; privacy aware LBS technique; smart phones; spatial integrity; spatial queries; spatial query processing; Airports; Educational institutions; Mobile communication; Privacy; Rail transportation; Spatial databases; Authentication and Privacy; Location Anonymizer; Service Providers; Spatial Outsourcing Database; Voronoi Neighbor (ID#: 15-6413)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019294&isnumber=7019129

Miao He; Kuan Zhang; Shen, X.S., “PMQC: A Privacy-Preserving Multi-Quality Charging Scheme in V2G Network,” Global Communications Conference (GLOBECOM), 2014 IEEE, vol., no., pp. 675, 680, 8-12 Dec. 2014. doi:10.1109/GLOCOM.2014.7036885
Abstract: Multi-quality charging, which provides the electric vehicles (EVs) with multiple levels of charging services, including quality-guaranteed service (QGS) and best effort service (BES), can guarantee the charging service quality for the qualified EVs in vehicle-to-grid (V2G) network. To perform the multi-quality charging, the evaluation on the EVs attributes is necessary to determine which level of charging service can be offered to this EV. However, the EV owner’s privacy such as real identity, lifestyle, location, and sensitive information in the attributes may be disclosed during the evaluation and authentication. In this paper, we propose a privacy-preserving multi-quality charging (PMQC) scheme in V2G network to evaluate the EVs attributes, authenticate its service eligibility and generate its bill without revealing the EVs private information. Specifically, we propose an evaluation mechanism on the EVs attributes to determine its charging service quality. With attribute based encryption, PMQC can prevent the EVs attributes from being disclosed to other entities during the evaluation. In addition, PMQC can authenticate the EV without revealing its real identity. Security analysis demonstrates that the EVs privacy mentioned above can be preserved by PMQC. Performance evaluation results show that PMQC can achieve higher efficiency in authentication compared with other schemes in terms of computation overhead.
Keywords: battery powered vehicles; computer network security; cryptography; data privacy; power engineering computing; secondary cells;PMQC;V2G network; attribute based encryption; best effort service; charging service quality; electric vehicle attribute; electric vehicle charging; multiquality charging; privacy preserving charging; quality guaranteed service; service eligibility authentication; vehicle-to-grid network; Authentication; Batteries; Electricity; Information systems; Privacy; Public key; Smart grid; V2G network; authentication; privacy-preservation (ID#: 15-6415)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7036885&isnumber=7036769

Qin Zhang; Lazos, L., “Collusion-Resistant Query Anonymization for Location-Based Services,” Communications (ICC), 2014 IEEE International Conference on, vol., no., pp. 768, 774, 10-14 June 2014. doi:10.1109/ICC.2014.6883412
Abstract: We address the problem of anonymizing user queries when accessing location-based services. We design a novel location and query anonymization protocol called MAZE that preserves the user privacy without relying on trusted parties. MAZE guarantees the user’s anonymity and privacy in a decentralized manner using P2P groups. Compared to prior works, MAZE enables individual user authentication for the purpose of implementing a pay-peruse or membership subscription model and is resistant to collusion of the P2P users. We extend MAZE to L-MAZE, a multi-stage protocol that is resistant to collusion of the P2P users with the LBS, at the expense of higher communication overhead.
Keywords: data privacy; mobility management (mobile radio); peer-to-peer computing; protocols; query processing; MAZE; P2P groups; collusion resistant query anonymization; location based services; multistage protocol; query anonymization protocol; user privacy; user queries; Authentication; Cryptography; Information systems; Mobile radio mobility management; Peer-to-peer computing; Privacy; Protocols (ID#: 15-6416)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883412&isnumber=6883277

Tianyu Zhao; Chang Chen; Lingbo Wei; Mengke Yu, “An Anonymous Payment System to Protect the Privacy of Electric Vehicles,” Wireless Communications and Signal Processing (WCSP), 2014 Sixth International Conference on, vol., no., pp. 1, 6, 23-25 Oct. 2014. doi:10.1109/WCSP.2014.6992208
Abstract: Electric vehicle is the automobile that powered by electrical energy stored in batteries. Due to the frequent recharging, vehicles need to be connected to the recharging infrastructure while they are parked. This may disclose drivers’ privacy, such as their location that drivers may want to keep secret. In this paper, we propose a scheme to enhance the privacy of the drivers using anonymous credential technique and Trusted Platform Module (TPM). We use anonymous credential technique to achieve the anonymity of vehicles such that drivers can anonymously and unlinkably recharge their vehicles. We add some attributes to the credential such as the type of the battery in the vehicle in case that the prices of different batteries are different. We use TPM to omit a blacklist such that the company that offer the recharging service (Energy Provider Company, EPC) does not need to conduct a double spending detection.
Keywords: battery powered vehicles; cryptography; data privacy; driver information systems; financial management; secondary cells; trusted computing; EPC; Energy Provider Company; TPM; anonymous credential technique; anonymous payment system; automobile; battery; double spending detection; driver privacy; electric vehicles; electrical energy; privacy protection; recharging infrastructure; recharging service; trusted platform module; Authentication; Batteries; Privacy; Protocols; Registers; Servers; Vehicles (ID#: 15-6417)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6992208&isnumber=6992003

Sadikin, M.F.; Kyas, M., “Security and Privacy Protocol for Emerging Smart RFID Applications,” Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2014 15th IEEE/ACIS International Conference on, vol., no., pp. 1, 7, June 30 2014–July 2 2014. doi:10.1109/SNPD.2014.6888694
Abstract: The raise of smart RFID technology (i.e. sensor integration to RFID system) has introduced various advantages in the context of location awareness applications, reaching from low cost implementation and maintenance, to its flexibility to support large-scale system. Nevertheless, the use of such technology introduces tremendous security and privacy issues (e.g. unauthorized tracking, information leakage, cloning attack, data manipulation, collision attack, replay attack, Denial-of-Service, etc.). On the other hand, the constrained nature of RFID application makes the security enforcement is more complicated. This paper presents IMAKA-Tate: Identity protection, Mutual Authentication and Key Agreement using Tate pairing of Identity-based Encryption method. It is designed to tackle various challenges in the constrained nature of RFID applications by applying a light-weight cryptographic method with advanced-level 128 bit security protection. Indeed, our proposed solution protects the RFID system from various threats, as well as preserves the privacy by early performing encryption including the identity even before the authentication is started.
Keywords: data privacy; protocols; radiofrequency identification; telecommunication security; Denial-of-Service; RFID system; cloning attack; collision attack; data manipulation; identity based encryption method; identity protection; information leakage; key agreement; large-scale system; lightweight cryptographic method; location awareness applications; mutual authentication; privacy protocol; replay attack; security protection; security protocol; sensor integration; smart RFID applications; unauthorized tracking; Authentication; Cryptography;Payloads; Privacy; Protocols; Radiofrequency identification; Mutual Authentication; Privacy Preserving; Smart RFID Security (ID#: 15-6418)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6888694&isnumber=6888665

Raheem, A.; Lasebae, A.; Loo, J., “A Secure Authentication Protocol for IP-Based Wireless Sensor Communications Using the Location/ID Split Protocol (LISP),” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 840, 845, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.135
Abstract: The future of the Internet of Things (IoT) involves a huge number of node devices such as wireless sensors that can communicate in a machine-to-machine pattern, where devices will be globally addressed and identified. As the number of connected devices increased, the burden on the network infrastructure and the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone increased as well. Recently, an IETF working group, along with the research group at Cisco, are working on a Locator/ID Separation Protocol as a routing architecture that provides new semantics for IP addressing, in order to simplify routing operations and improve scalability in the future of the Internet such as the IoT. In the light of the previous issue, this paper proposes an efficient security authentication and a key exchange scheme that is suited for Internet of things based on Locator/ID Separation protocol. The proposed protocol method meets practicability, simplicity, and strong notions of security. The protocol is verified using Automated Validation Internet Security Protocols and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and the achieved results showed that they do not have any security flaws.
Keywords: Internet; cryptographic protocols; routing protocols; transport protocols; AVISPA; IP addressing; Internet backbone; Internet of Things; IoT; LISP; automated validation Internet security protocols and applications; key exchange scheme; location-ID split protocol; locator-ID separation protocol; machine-to-machine pattern; network infrastructure burden; push button tool; routing protocols; routing tables; security authentication; wireless sensors; Authentication; Internet; Peer-to-peer computing; Routing protocols; Wireless sensor networks; Internet of Things; Sensors; LISP; Validation of Internet (ID#: 15-6419)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011335&isnumber=7011202
 

Rugamer, A.; Stahl, M.; Lukcin, I.; Rohmer, G., “Privacy Protected Localization and Authentication of Georeferenced Measurements Using Galileo PRS,” Position, Location and Navigation Symposium – PLANS 2014, 2014 IEEE/ION, vol., no.,
pp. 478, 486, 5-8 May 2014. doi:10.1109/PLANS.2014.6851406
Abstract: This paper describes two methods how ordinary users can profit from privacy protected localization and geo-referenced measurements authentication using the Galileo public regulated service (PRS). The user does not need to care about any security related PRS-receiver issue and his localization privacy is inherently protected. A raw data snapshot, containing only Galileo PRS data, is combined with an artifact to be authenticated and forwarded to a PRS enabled agency server. All PRS and security related functions are implemented on this server located in a secured place. The server uses cross-correlation and snapshot positioning methods to authenticate or obtain a position information out of the raw data. The described methods will not provide any direct PRS information, like PRS position or time, to the ordinary user. Only the specific user request is responded. Having outlined the architecture of possible implementations, limits and applications of the idea are discussed. Possible attacks on the methods are described with mitigation measures. The paper concludes with a comparison to the state of the art and other publications and projects in this field of GNSS authentication.
Keywords: Global Positioning System; data privacy; telecommunication security; GNSS authentication; Galileo PRS data; Galileo public regulated service; PRS enabled agency server; cross-correlation; georeferenced measurement authentication; privacy protected localization; raw data snapshot; security related PRS-receiver issue; snapshot positioning methods; Authentication; Europe; Privacy; Servers; Time measurement; PRS; Satellite navigation systems; Snapshot positioning (ID#: 15-6420)
URL:  http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6851406&isnumber=6851348
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Location Privacy—Cloaking-Based Approaches, 2014

 

	Location Privacy—Cloaking-Based Approaches 2014

Location-based services have proven popular both with end users and with distributed systems operators. The research presented here looks at protecting privacy on these systems using cloaking-based methods. The work was published in 2014.

---

Zheng Jiangyu; Tan Xiaobin; Cliff, Z.; Niu Yukun; Zhu Jin, “A Cloaking-Based Approach to Protect Location Privacy in Location-Based Services,” Control Conference (CCC), 2014 33rd Chinese, vol., no., pp. 5459, 5464, 28-30 July 2014. doi:10.1109/ChiCC.2014.6895872
Abstract: With the widespread use of mobile devices, the location-based service (LBS) applications become increasingly popular, which introduces the new security challenge to protect user’s location privacy. On one hand, a user expects to report his own location as far as possible away from his real location to protect his location privacy. On the other hand, in order to obtain high quality of service (QoS), users are required to report their locations as accurate as possible. To achieve the dedicated tradeoff between privacy requirement and QoS requirement, we propose a novel approach based on cloaking technique. We also discuss the disadvantage of the traditional general system model and propose an improved model. The basic idea of our approach is to select a sub-area from the generated cloaking area as user’s reported location. The sub-area may not contain a user’s real location, which prevents an adversary from performing attack with side information. Specifically, by defining an objective function with a novel location privacy metric and a QoS metric, we are able to convert the privacy issue to an optimization problem. Then, location privacy metric and QoS metric are given. To reduce the complexity of the optimization, a heuristic algorithm is proposed. Through privacy-preserving analysis and comparison with related work [8], we demonstrate the effectiveness and efficiency of our approach.
Keywords: data protection; invisibility cloaks; mobility management (mobile radio); optimisation; quality of service; smart phones; telecommunication security; QoS metric; cloaking-based approach; heuristic algorithm; location privacy metric; location-based services; mobile devices; optimization problem; privacy preserving analysis; privacy requirement; security; user location privacy protection; Complexity theory; Heuristic algorithms; Measurement; Optimization; Privacy; Quality of service; Servers; Cloaking Area; Location Privacy; Location-based Services; k-anonymity (ID#: 15-6420)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6895872&isnumber=6895198

Jagdale, B.N.; Bakal, J.W., “Emerging Trends of Location Privacy Techniques in Location Aided Applications,” Contemporary Computing and Informatics (IC3I), 2014 International Conference on, vol., no., pp. 1002, 1006, 27-29 Nov. 2014. doi:10.1109/IC3I.2014.7019826
Abstract: While mobile services are maturing in the Mobile Computing world, location services have started mushrooming in every day work which are making good impact for humans as well as all moving resources. With this development, serious threat of location privacy has emerged and becoming inevitable part of this kind of services. Present systems do not have concrete answer of location privacy because of absence of robust technology, poor governance and business interest. Modern ways need to be practiced, including Cryptography, Collaborative, Distributed and Internationally legal governance protocols. There are dozens of cloaking methods such as dummy users, K-Anonymity, false location queries, dummy queries, cryptography protocols, etc., however no commercial LBS systems guarantees the location privacy. In this paper, we have studied drawbacks of existing techniques. We have proposed either modification or novel methods to protect location privacy. Moreover we have suggested to analyse privacy strength, energy consumption, and accuracy of services, overhead cost such as computing and communication cost.
Keywords: cryptographic protocols; data protection; mobile computing; LBS systems; cloaking methods; collaborative protocol; communication cost analysis; computing cost analysis; cryptography protocol; distributed protocol; energy consumption, analyse; internationally legal governance protocol; location aided applications; location privacy protection; location privacy techniques; location privacy threat; location services; mobile services; overhead cost analysis; privacy strength analysis; service accuracy analysis; Computer architecture; Data privacy; Mobile communication; Mobile computing; Privacy; Protocols; Servers; Location Privacy; Security; distributed (ID#: 15-6421)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019826&isnumber=7019573

Xun Yi; Paulet, R.; Bertino, E.; Varadharajan, V., “Practical k Nearest Neighbor Queries with Location Privacy,” Data Engineering (ICDE), 2014 IEEE 30th International Conference on, vol., no., pp. 640, 651, March 31 2014–April 4 2014. doi:10.1109/ICDE.2014.6816688
Abstract: In mobile communication, spatial queries pose a serious threat to user location privacy because the location of a query may reveal sensitive information about the mobile user. In this paper, we study k nearest neighbor (kNN) queries where the mobile user queries the location-based service (LBS) provider about k nearest points of interest (POIs) on the basis of his current location. We propose a solution for the mobile user to preserve his location privacy in kNN queries. The proposed solution is built on the Paillier public-key cryptosystem and can provide both location privacy and data privacy. In particular, our solution allows the mobile user to retrieve one type of POIs, for example, k nearest car parks, without revealing to the LBS provider what type of points is retrieved. For a cloaking region with n×n cells and m types of points, the total communication complexity for the mobile user to retrieve a type of k nearest POIs is O(n+m) while the computation complexities of the mobile user and the LBS provider are O(n + m) and O(n²m), respectively. Compared with existing solutions for kNN queries with location privacy, our solutions are more efficient. Experiments have shown that our solutions are practical for kNN queries.
Keywords: communication complexity; data privacy; mobility management (mobile radio); pattern recognition; public key cryptography; query processing; LBS querying; Paillier public-key cryptosystem; cloaking region; computation complexities; data privacy; k nearest POIs retrieval; k nearest car parks; k nearest points of interest; kNN queries; location privacy preservation; location-based service provider querying; mobile communication; mobile user; practical k nearest neighbor queries; spatial queries; total communication complexity; user location privacy; Data privacy; Databases; Games; Middleware; Mobile communication; Privacy; Protocols (ID#: 15-6422)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6816688&isnumber=6816620

Bidi Ying; Makrakis, D., “Protecting Location Privacy with Clustering Anonymization in Vehicular Networks,” Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on, vol., no., pp. 305, 310, April 27 2014–May 2 2014. doi:10.1109/INFCOMW.2014.6849249
Abstract: Location privacy is an important issue in location-based services. A large number of location cloaking algorithms have been proposed for protecting location privacy of users. However, these algorithms cannot be used in vehicular networks due to constrained vehicular mobility. In this paper, we propose a new method named Protecting Location Privacy with Clustering Anonymization (PLPCA) for location-based services in vehicular networks. This PLPCA algorithm starts with a road network transforming to an edge-cluster graph in order to conceal road information and traffic information, and then provides a cloaking algorithm based on A-anonymity and l-diversity as privacy metrics to further enclose a target vehicle's location. Simulation analysis shows our PLPCA has good performances like the strength of hiding of road information & traffic information.
Keywords: data privacy; graph theory; mobility management (mobile radio); pattern clustering; telecommunication security; vehicular ad hoc networks; PLPCA algorithm; edge-cluster graph; k-anonymity; l-diversity; location based service; location cloaking algorithm; protecting location privacy with clustering anonymization; road information hiding; road network transforming; traffic information hiding; vehicular ad hoc network; vehicular mobility; Clustering algorithms; Conferences; Privacy; Roads; Social network services; Vehicle dynamics; Vehicles; cluster; location privacy; location-based services; vehicular networks (ID#: 15-6423)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6849249&isnumber=6849127

Jagdale, B.N.; Bakal, J.W., “Synergetic Cloaking Technique in Wireless Network for Location Privacy,” Industrial and Information Systems (ICIIS), 2014 9th International Conference on, vol., no., pp. 1, 6, 15-17 Dec. 2014. doi:10.1109/ICIINFS.2014.7036480
Abstract: Mobile users access location services from a location based server. While doing so, the user’s privacy is at risk. The server has access to all details about the user. Example the recently visited places, the type of information he accesses. We have presented synergetic technique to safeguard location privacy of users accessing location-based services via mobile devices. Mobile devices have a capability to form ad-hoc networks to hide a user’s identity and position. The user who requires the service is the query originator and who requests the service on behalf of query originator is the query sender. The query originator selects the query sender with equal probability which leads to anonymity in the network. The location revealed to the location service provider is a rectangle instead of exact co-ordinate. In this paper we have simulated the mobile network and shown the results for cloaking area sizes and performance against the variation in the density of users.
Keywords: data privacy; mobile ad hoc networks; mobility management (mobile radio); probability; telecommunication security; telecommunication services; ad-hoc networks; cloaking area sizes; location based server; location privacy; location service provider; location-based services; mobile devices; mobile network; mobile users; query originator; query sender; synergetic cloaking technique; user privacy; wireless network; Ad hoc networks; Cryptography; Databases; Educational institutions; Mobile communication; Privacy; Servers; Cloaking; Collaboration; Location Privacy; Mobile Networks; Performance (ID#: 15-6424)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7036480&isnumber=7036459

Yujia Zhu; Lidong Zhai, “Location Privacy in Buildings: A 3-Dimensional K-Anonymity Model,” Mobile Ad-hoc and Sensor Networks (MSN), 2014 10th International Conference on, vol., no., pp. 195, 200, 19-21 Dec. 2014. doi:10.1109/MSN.2014.33
Abstract: Privacy protection has recently received considerable attention in location-based services. In this paper, we show that most of the existing k-anonymity location cloaking algorithms are concerned only and cannot effectively prevent location-dependent attacks when users’ locations have height information. Therefore, adopting the three dimensional location information, we propose a new clique-based cloaking algorithm, called 3d Clique Cloak, to defend against location leaks in indoor environment. The main idea is to expand the MBV (minimum bounding volume) to a three-dimensional space, thus for a user who initiated location services can find k-anonymity cloaking set in the three-dimensional space. The efficiency and effectiveness of the proposed 3d Clique Cloak algorithm are validated by series of carefully designed experiments.
Keywords: data privacy; indoor radio; mobile computing; solid modelling; telecommunication computing; telecommunication security; 3D K-anonymity model; 3D location information; 3D space; 3d CliqueCloak algorithm; MBV; clique-based cloaking algorithm; indoor environment; k-anonymity location cloaking algorithms; location privacy protection; location-based services; minimum bounding volume; Engines; Floors; Layout; Measurement; Mobile communication; Privacy; indoor localization; k-anonymity; location privacy; location-based services (ID#: 15-6425)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7051770&isnumber=7051734

Corser, G.; Huirong Fu; Tao Shu; D’Errico, P.; Ma, W.; Supeng Leng; Ye Zhu, “Privacy-by-Decoy: Protecting Location Privacy Against Collusion and Deanonymization in Vehicular Location Based Services,” Intelligent Vehicles Symposium Proceedings, 2014 IEEE, vol., no., pp. 1030, 1036, 8-11 June 2014. doi:10.1109/IVS.2014.6856595
Abstract: Wireless networks which would connect vehicles via the Internet to a location based service, LBS, also would expose vehicles to online surveillance. In circumstances when spatial cloaking is not effective, such as when continuous precise location is required, LBSs may be designed so that users relay dummy queries through other vehicles to camouflage true locations. This paper introduces PARROTS, Position Altered Requests Relayed Over Time and Space, a privacy protocol which protects LBS users’ location information from LBS administrators even (1) when the LBS requires continuous precise location data in a vehicular ad hoc network, (2) when LBS administrators collude with administrators of vehicular wireless access points (a.k.a. roadside units, or RSUs), and (3) when precise location data might be deanonymized using map databases linking vehicle positions with vehicle owners’ home/work addresses and geographic coordinates. Defense against deanonymization requires concealment of endpoints, the effectiveness of which depends on the density of LBS users and the endpoint protection zone size. Simulations using realistic vehicle traffic mobility models varying endpoint protection zone sizes measure improvements in privacy protection.
Keywords: data privacy; radio access networks; telecommunication security; vehicular ad hoc networks; Internet; LBSs; PARROTS; VANET; dummy queries; endpoint concealment; endpoint protection zone size; location data deanonymization; location privacy protection; map databases; online surveillance; position altered requests relayed over time and space; privacy protocol; privacy-by-decoy; vehicle traffic mobility models; vehicular ad hoc network; vehicular location based services; vehicular wireless access points; wireless networks; Computational modeling; Cryptography; Mathematical model; Measurement; Privacy; Surveillance; Vehicles (ID#: 15-6426)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6856595&isnumber=6856370

Jagdale, B.N.; Bakal, J.W., “Myself: Local Perturbation for Location Privacy in LBS Applications,” Advances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on, vol., no., pp. 1981, 1985, 24-27 Sept. 2014. doi:10.1109/ICACCI.2014.6968641
Abstract: The location security in current location-based services (LBS) meets threat where mobile users have to report their actual location knowledge to the LBS provider in order to get their desired POI, (Points of Interests). We consider location privacy techniques that work using obfuscation operators and provide different information services using different cloaking techniques without any trusted components other than the client’s mobile device. The techniques are then covered according to the random category. It blurs the accurate user location (i.e., a point with coordinates) and replaces it with a well-shaped cloaked region (e.g. Circle, Rectangle, Pentagon etc.). We have recommended the technique where instead of exchanging cloaking data with peers, user queries directly to LBS. We have presented techniques where first technique which provides different privacy levels using obfuscation operators. The second technique for query processing generates the region of different shapes. Third demonstrates regional cloaking and two more new ideas are presented. We have shown effectiveness and performance of these techniques.
Keywords: data privacy; mobile computing; query processing; LBS applications; POI; cloaking techniques; information services; local perturbation; location privacy; location security; location-based services; mobile users; obfuscation operators; query processing; random category; regional cloaking; Cities and towns; Clocks; Context; Europe; Mobile communication; Robustness; Shape; Cloaking; Location Privacy; Location-Based Services; Security (ID#: 15-6427)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6968641&isnumber=6968191

Xu Zhang; Gyoung-Bae Kim; Hae-Young Bae, “An Adaptive Spatial Cloaking Method for Privacy Protection in Location-Based Service,” Information and Communication Technology Convergence (ICTC), 2014 International Conference on, vol., no., pp. 480, 485, 22-24 Oct. 2014. doi:10.1109/ICTC.2014.6983186
Abstract: Location privacy has been a serious concern for mobile users who use location-based services. However, existing cloaking methods suffer from computation and communication cost due to the large cloaking area. In this paper, we propose an adaptive spatial cloaking method based on the semantic locations to protect users’ privacy. The cloaking region is generated in an asymmetric way and can obtain a reasonable cloaking size. The performance exhibits that our proposed method renders good performance in efficiency and scalability by improving computation and communication overhead.
Keywords: data protection; invisibility cloaks; mobile radio; adaptive spatial cloaking method; communication cost; communication overhead; computation cost; location privacy; location-based service; user privacy protection; Computer architecture; Indexes; Mobile radio mobility management; Privacy; Semantics; Servers; Trajectory; Location Privacy; Location-based Service; Spatial Cloaking (ID#: 15-6428)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6983186&isnumber=6983064

Dhawale, S.P.; Raut, A.R., “Analysis of Location Monitoring Techniques with Privacy Preservation in WSN,” Communication Systems and Network Technologies (CSNT), 2014 Fourth International Conference on, vol., no., pp. 649, 653, 7-9 April 2014. doi:10.1109/CSNT.2014.136
Abstract: The trend of location surveillance system is increasing day-by-day, so the range of such services providing systems like GPS and PDA’s conjointly increase parallel. As a result of this, we tend to get the precise and applicable location of monitoring object. However at an equivalent time the foremost necessary issue of privacy is missing. WSN chiefly consists of spatially distributed autonomous sensors that monitor physical or environmental conditions and cooperatively pass their data through the wireless network to a main location in WSN. The main challenges in wireless sensor network are heterogeneousness, distributed processing, low bandwidth communication, large scale coordination and secured location monitoring. There is a variety of applications that are developed on the basis of wireless sensor network, such as navigation, habitat monitoring, objects detection and tracking. Location monitoring systems are used to detect human activities and provide monitoring services with low privacy. This paper gives comparative analysis of the location monitoring and privacy providing schemes. There are some problems in previous papers that are: wrong location providing, provide precise location except privacy, providing privacy as well location except the data used is static data. The method proposed in this paper is more reliable to overcome such problems.
Keywords: Global Positioning System; data privacy; surveillance; telecommunication security; wireless sensor networks; GPS; PDA; WSN; distributed processing; environmental condition; habitat monitoring; human activity detection; location surveillance system; low bandwidth communication; navigation; object detection; object tracking; privacy preservation; secured location monitoring technique; spatially distributed autonomous sensor; wireless sensor network; Data privacy; Monitoring; Peer-to-peer computing; Privacy; Sensors; Servers; Wireless sensor networks; Anonymization; Wireless sensor network; cloaking; location monitoring; privacy preserving (ID#: 15-6429)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821478&isnumber=6821334

Niu, B.; Qinghua Li; Xiaoyan Zhu; Guohong Cao; Hui Li, “Achieving K-Anonymity in Privacy-Aware Location-Based Services,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 754, 762, April 27 2014-May 2 2014. doi:10.1109/INFOCOM.2014.6848002
Abstract: Location-Based Service (LBS) has become a vital part of our daily life. While enjoying the convenience provided by LBS, users may lose privacy since the untrusted LBS server has all the information about users in LBS and it may track them in various ways or release their personal data to third parties. To address the privacy issue, we propose a Dummy-Location Selection (DLS) algorithm to achieve k-anonymity for users in LBS. Different from existing approaches, the DLS algorithm carefully selects dummy locations considering that side information may be exploited by adversaries. We first choose these dummy locations based on the entropy metric, and then propose an enhanced-DLS algorithm, to make sure that the selected dummy locations are spread as far as possible. Evaluation results show that the proposed DLS algorithm can significantly improve the privacy level in terms of entropy. The enhanced-DLS algorithm can enlarge the cloaking region while keeping similar privacy level as the DLS algorithm.
Keywords: data privacy; mobile computing; DLS algorithm; cloaking region; dummy-location selection algorithm; entropy metric; k-anonymity; privacy-aware location-based services; untrusted LBS server; user information; Algorithm design and analysis; Computers; Conferences; Entropy; Measurement; Privacy; Servers (ID#: 15-6430)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6848002&isnumber=6847911

Ben Niu; Zhengyan Zhang; Xiaoqing Li; Hui Li, “Privacy-Area Aware Dummy Generation Algorithms for Location-Based Services,” Communications (ICC), 2014 IEEE International Conference on, vol., no., pp. 957, 962, 10-14 June 2014. doi:10.1109/ICC.2014.6883443
Abstract: Location-Based Services (LBSs) have been one of the most popular activities in our daily life. Users can send queries to the LBS server easily to learn their surroundings. However, these location-related queries may result in serious privacy concerns since the un-trusted LBS server has all the information about users and may track them in various ways. In this paper, we propose two dummy-based solutions to achieve k-anonymity for privacy-area aware users in LBSs with considering that side information may be exploited by adversaries. We first choose some candidates based on a virtual circle or grid method, then blur these candidates into the final positions of dummy locations based on the entropy-based privacy metric. Security analysis and evaluation results indicate that the V-circle solution can significantly improve the privacy anonymity level. The V-grid solution can further enlarge the cloaking region while keeping similar privacy level.
Keywords: data privacy; query processing; ubiquitous computing; V-circle solution; cloaking region; entropy-based privacy metric; k-anonymity; location-based services; location-related queries; privacy-area aware dummy generation algorithm; privacy-area aware users; security analysis; Entropy; Information systems; Mobile communication; Privacy; Resistance; Security; Servers (ID#: 15-6431)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883443&isnumber=6883277

Ben Niu; Qinghua Li; Xiaoyan Zhu; Hui Li, “A Fine-Grained Spatial Cloaking Scheme for Privacy-Aware Users in Location-Based Services,” Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, vol., no., pp. 1, 8, 4-7 Aug. 2014. doi:10.1109/ICCCN.2014.6911813
Abstract: In Location-Based Services (LBSs) mobile users submit location-related queries to the untrusted LBS server to get service. However, such queries increasingly induce privacy concerns from mobile users. To address this problem, we propose FGcloak, a novel fine-grained spatial cloaking scheme for privacy-aware mobile users in LBSs. Based on a novel use of modified Hilbert Curve in a particular area, our scheme effectively guarantees k-anonymity and at the same time provides larger cloaking region. It also uses a parameter σ for users to make fine-grained control on the system overhead based on the resource constraints of mobile devices. Security analysis and empirical evaluation results verify the effectiveness and efficiency of our scheme.
Keywords: data privacy; mobile computing; FGcloak; Hilbert Curve; LBS; fine grained spatial cloaking scheme; fine-grained control; location based services; novel fine-grained spatial cloaking scheme; privacy aware mobile users; privacy aware users; security analysis; Algorithm design and analysis; Control systems; Mobile communication; Privacy; Security; Servers; Standards (ID#: 15-6432)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6911813&isnumber=6911704

Sato, F., “User Location Anonymization Based on Secret Computation,” Broadband and Wireless Computing, Communication and Applications (BWCCA), 2014 Ninth International Conference on, vol., no., pp. 410, 415, 8-10 Nov. 2014. doi:10.1109/BWCCA.2014.96
Abstract: Recently, highly accurate positioning devices enable us to provide various types of location based services (LBS). Since location information may reveal private information, preserving location privacy has become a significant issue in LBS. Lots of different techniques for securing the location privacy have been proposed, for instance the concept of Silent period, the concept of Dummy node, and the concept of Cloaking-region. However, many of these were not focused on information leakage on the servers. In this paper, we propose a user location management method based on the secure computation algorithm which protects information leakage from the location management servers. This algorithm is based on the multi-party computation and the computation complexity is not so high. We evaluated the proposed scheme in comparison with the method based on the homomorphic cryptographic method.
Keywords: cryptography; data privacy; cloaking-region; computation complexity; dummy node; homomorphic cryptographic method; location based services; location privacy; secure computation algorithm; silent period; user location anonymization; user location management method; Encryption; Mobile communication; Privacy; Quality of service; Registers; Servers; location anonymization; location based services; location privacy (ID#: 15-6433)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7016106&isnumber=7015998

Yong Wang; Long-ping He; Jing Peng; Jie Hou; Yun Xia, “A Context-Dependent Privacy Preserving Framework In Road Networks,” Communications (ICC), 2014 IEEE International Conference on, vol., no., pp. 628, 633, 10-14 June 2014. doi:10.1109/ICC.2014.6883389
Abstract: The prevalence of Location Based Services (LBSs) increases personal privacy concerns due to the untrustworthy service providers. We demonstrate a context-dependent privacy preserving framework for users whose movements are confined by the underlying road networks. Both the location privacy and query privacy in continuous queries are preserved as they are closely related. For continuous query services, different positions on a user’s trajectory may have different privacy sensitivities. In addition, privacy is about users’ feelings and varies among them. Hence, a Policy Service (PS) is introduced to generate context-dependent privacy strategies according to user-defined privacy profiles. Meanwhile, a semi-honest Anonymizing Service (AS) is employed to generate prediction-based cloaks with history information for users while satisfying their privacy strategies. The PS and AS interact with each other in the way to ensure neither of them can obtain both the location information and the query contents. The simulated results show the effectiveness of our framework in the view of privacy preserving and system performance.
Keywords: cloud computing; data privacy; query processing; LBS; context-dependent privacy preserving framework; continuous query services; history information; location based services; location privacy; policy service; prediction-based cloaks; privacy sensitivity; query privacy; semihonest anonymizing service; underlying road networks; user trajectory; user-defined privacy profiles; Privacy; Quality of service; Resistance; Roads; Security; Sensitivity; Trajectory; Location Based Services (LBSs); continuous query service; privacy preserving; road networks (ID#: 15-6434)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883389&isnumber=6883277

Pandit, A.; Polina, P.; Kumar, A.; Bin Xie, “CAPPA: Context Aware Privacy Protecting Advertising—An Extension to CLOPRO Framework,” Services Computing (SCC), 2014 IEEE International Conference on, vol., no., pp. 805, 812, June 27 2014–July 2 2014. doi:10.1109/SCC.2014.109
Abstract: Advent of 4G networks, IPV6 and increased number of subscribers to these, has triggered many free applications that are easy to install on smart mobile devices, a primary computing device for many. The free application markets are sustainable as revenue model for most of these service providers is through profiling of users and pushing of the advertisements to the users. This imposes a serious threat to user’s privacy. Most of the existing solutions starve the developers of their revenue by falsifying / altering the information of the users. In this paper, we attempt to bridge this gap by extending our integrated Context Cloaking Privacy Protection framework (CLOPRO) that achieves identity privacy, location privacy, and query privacy without depriving the service provider of sustainable revenue generated through the use of the Context Aware Privacy Preserving Advertising (CAPPA). The CLOPRO framework has been shown to provide privacy to the user while using location based services. In this paper we demonstrate how this framework can be extended to deliver the advertisements / coupons based on users interests, specified at the time of registration, and the current context of the user without revealing these details to the service provider. The original service requests of the registered users are modified by the CLOPRO framework using concepts of clustering and abstraction. The results are filtered to deliver the relevant information to the user. Since the advertisements received are relevant to the user, the click rate is likely to increase ensuring increased revenue for service provider. The proposed framework has O(n) complexity.
Keywords: advertising data processing; data privacy; information services; mobile computing; pattern clustering;4G networks; CAPPA framework; CLOPRO framework; IPV6;Internet protocol; O(n) complexity; abstraction concept; clustering concept; context aware privacy protecting advertising; context cloaking privacy protection framework; fourth-generation networks; free application markets; identity privacy; location based services; location privacy; query privacy; service provider; smart mobile devices; user privacy; Advertising; Context; Context-aware services; Mobile communication; Mobile handsets; Privacy; Servers; Abstraction; Anonymization; Clustering; Context Aware Advertising; Context Cloaking; Location Based Services; Privacy Protection
(ID#: 15-6435)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6930611&isnumber=6930500

Chunhui Piao; Xiaoyan Li; Xiao Pan, “Research on the User Privacy Protection Method in Mobile Commerce,” e-Business Engineering (ICEBE), 2014 IEEE 11th International Conference on, vol., no., pp. 177, 184, 5-7 Nov. 2014. doi:10.1109/ICEBE.2014.39
Abstract: The wide application of mobile commerce has brought great convenience to people’s work and lives, however, the risk of privacy disclosure has been receiving more and more attention from the academia and industry. In this paper, after analyzing the privacy concerns in mobile commerce, the commonly used privacy preserving technologies in mobile environments are discussed. A privacy preserving operation model for the mobile commerce alliance providing location-based services is established. Aiming at preventing the sensitive homogeneity attack, an anonymity model for sensitive information is defined formally. Based on the anonymity model, a new cloaking algorithm named as EMDASS is described in detail, whose basic idea is exchanging and merging users. This algorithm can be used to protect the mobile user’s location, identifier and other sensitive information on road networks. Finally, the availability of the privacy preserving algorithm proposed is illustrated by an example.
Keywords: data privacy; mobile commerce; risk management; EMDASS; anonymity model; cloaking algorithm; location-based services; mobile commerce alliance; mobile environments; mobile user location protection; privacy disclosure risk; privacy preserving algorithm; privacy preserving operation model; privacy preserving technologies; road networks; sensitive homogeneity attack; sensitive information; user privacy protection method; Business; Mobile computing; Mobile radio mobility management; Privacy; Roads; Sensitivity; Mobile commerce; Mobile commerce alliance; Privacy preserving algorithm; Sensitive information
(ID#: 15-6436)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6982077&isnumber=6982037

Pournajaf, L.; Li Xiong; Sunderam, V.; Goryczka, S., “Spatial Task Assignment for Crowd Sensing with Cloaked Locations,” Mobile Data Management (MDM), 2014 IEEE 15th International Conference on, vol. 1, no., vol., no., pp. 73, 82, 14-18 July 2014. doi:10.1109/MDM.2014.15
Abstract: Distributed mobile crowd sensing is becoming a valuable paradigm, enabling a variety of novel applications built on mobile networks and smart devices. However, this trend brings several challenges, including the need for crowd sourcing platforms to manage interactions between applications and the crowd (participants or workers). One of the key functions of such platforms is spatial task assignment which assigns sensing tasks to participants based on their locations. Task assignment becomes critical when participants are hesitant to share their locations due to privacy concerns. In this paper, we examine the problem of spatial task assignment in crowd sensing when participants utilize spatial cloaking to obfuscate their locations. We investigate methods for assigning sensing tasks to participants, efficiently managing location uncertainty and resource constraints. We propose a novel two-stage optimization approach which consists of global optimization using cloaked locations followed by a local optimization using participants’ precise locations without breaching privacy. Experimental results using both synthetic and real data show that our methods achieve high sensing coverage with low cost using cloaked locations.
Keywords: computational complexity; distributed sensors; mobile computing; optimisation; NP-hard problem; cloaked locations; crowd sourcing platforms; distributed mobile crowd sensing; global optimization approach; local optimization approach; location uncertainty management; mobile networks; privacy concerns; resource constraints; smart devices; spatial cloaking; spatial task assignment; two-stage optimization approach; Estimation; Mobile communication; Optimization; Privacy; Sensors; Servers; Uncertainty (ID#: 15-6437)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6916906&isnumber=6916883

Sangeetha, S.; Dhanabal, S.; Kaliappan, V.K., “Optimization of K-NN Query Processing in Road Networks Using Frequent Query Retrieval Table,” Computing and Communication Technologies (WCCCT), 2014 World Congress on, vol., no., pp. 228, 230, Feb. 27 2014–March 1 2014. doi:10.1109/WCCCT.2014.22
Abstract: Location Based Services has been widely used to guide the user with real time information. The efficient query processing and preserving the privacy of the user is a key challenge in these applications. There have been many researches for anonymity in the spatial network by generating cloaking region in the Road networks and a K-NN algorithm is used for processing query in this region. If the same query is issued frequently and processing these queries continuously is an issue. In this paper, a novel Frequent Query Retrieval Table (FQRT) is proposed to increase the efficiency of query processing in the K-NN algorithm. FQRT maintains the results of the frequently occurring queries and can be retrieved when the same query is issued in the cloaking region. The proposed FQRT algorithm reduces the query processing time and the network expansion cost.
Keywords: data privacy; mobile computing; optimisation; query processing; FQRT; K-NN query processing optimization; cloaking region; frequent query retrieval table; location based services; network expansion cost; road networks; spatial network; user guidance; user privacy preservation; Algorithm design and analysis; Mobile communication; Privacy; Query processing; Roads; Servers; Time factors; Query Processing; Road Networks; k-NN Queries (ID#: 15-6438)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6755146&isnumber=6755083
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.
 

---

MANET Security and Privacy, 2014

 

	MANET Security and Privacy 2014

Security and privacy are important research issues for mobile ad hoc networks (MANETs). The studies cited here were conducted and presented in 2014 and were recovered on June 24, 2015.

---

Srihari Babu, D.V.; Reddy, P.C., “Secure Policy Agreement for Privacy Routing in Wireless Communication System,” Control, Instrumentation, Communication and Computational Technologies (ICCICCT), 2014 International Conference on, vol., no., pp. 739, 744, 10-11 July 2014. doi:10.1109/ICCICCT.2014.6993057
Abstract: Security and privacy are major issues which risk the wireless communication system in successful operation employment in Adhoc and Sensor networks. Message confidentiality can be assured through successful message or content encryption, but it is very difficult to address the source location privacy. A number of schemes and polices have been proposed to protect privacy in wireless networks. Many security schemes are offered but none of those provide complete security property for data packets and control packets. This paper proposes a secure policy agreement approach for open-privacy routing in wireless communication using location-centric communication model to achieve efficient security and privacy against both Internal and External adversary pretenders. To evaluate the performance of our proposal we analyze the security, privacy and performance comparisons to alternate techniques. Simulation result shows an improvisation in proposed policy and it is more efficient and offers better privacy when compare to the prior works.
Keywords: ad hoc networks; cryptography; data privacy; telecommunication network routing; wireless channels; wireless sensor networks; complete security property; content encryption; control packets; data packets; external adversary pretenders; internal adversary pretenders; location-centric communication; message confidentiality; message encryption; open-privacy routing; secure policy agreement; sensor networks; source location privacy; successful operation employment; wireless communication system; Mobile ad hoc networks; Privacy; Public key; Routing; Routing protocols; MANET; Privacy Routing; Secure policy; Wireless Communication (ID#: 15-6181)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6993057&isnumber=6992918

Khatkar, M.; Phogat, N.; Kumar, B., “Reliable Data Transmission in Anonymous Location Aided Routing in MANET by Preventing Replay Attack,” Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2014 3rd International Conference on, vol., no., pp. 1, 6, 8-10 Oct. 2014. doi:10.1109/ICRITO.2014.7014731
Abstract: Privacy and security are major issues in MANET, especially when used in sensitive areas. Secure routing protocols have been developed/proposed by researchers to provide security and privacy at various levels. ALARM protocol (Anonymous Location Aided Routing in MANET) provides both privacy and security features including confidentiality, authentication and authorization. Location based routing is based on some assumptions in MANET ie location of the mobile nodes (using GPS), Time Clock of mobile nodes are loosely synchronized, mobility and Nodes has uniform transmission range. In the current work an effort has been done to review the ALARM protocol and identify some of the security problems in MANET. Further the work suggests a mechanism to prevent malicious activity (replay attack) in MANET using monitoring method.
Keywords: data privacy; mobile ad hoc networks; routing protocols; synchronisation; telecommunication network reliability; telecommunication security; ALARM protocol; GPS; MANET; anonymous location aided routing protocol; data transmission reliability; malicious activity prevention; privacy feature; replay attack prevention; security feature; time clock synchronization; Authentication; Mobile ad hoc networks; Monitoring; Protocols; Routing; Synchronization; Alarm Protocol; MANET; Monitoring; Prevention; Replay attack (ID#: 15-6182)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7014731&isnumber=7014644

Devi, E.A.; Chitra, K., “Security Based Energy Efficient Routing Protocol for Ad Hoc Network,” Control, Instrumentation, Communication and Computational Technologies (ICCICCT), 2014 International Conference on, vol., no., pp. 1522, 1526, 10-11 July 2014. doi:10.1109/ICCICCT.2014.6992982
Abstract: AdHoc network plays an important role for critical scenario such as military services, law enforcement as well as in emergency rescue operation. In such type of request, it requires security and privacy for the underlying routing protocol. As it is a communications less and source limit network, it is very important to propose secure based energy efficient routing protocol. In order to provide a secure and energy efficient routing protocol, a Privacy Protecting Secure and Energy Efficient Routing Protocol (PPSEER) is proposed. In this protocol, first the classifications of network node take place based on their energy level. After that encryption is done based on group signature. It includes additional secure parameter such as secret key and maximum transmission power which is known only to the sender and recipient node. The advantage of the proposed routing protocol is that it increases privacy of the message as well as it maintains the energy efficiency of the node.
Keywords: ad hoc networks; cryptographic protocols; energy conservation; routing protocols; telecommunication power management; telecommunication security; ad hoc network; encryption; group signature; maximum transmission power; network node; privacy protecting secure; recipient node; secret key; secure parameter; security based energy efficient routing protocol; sender node; underlying routing protocol; Ad hoc networks; Energy efficiency; Privacy; Routing; Routing protocols; Security; AdHoc; Group Signature; Manet; PPSEER; PRISM (ID#: 15-6183)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6992982&isnumber=6992918

Chasaki, D., “Identifying Malicious Behavior in MANET Through Data Path Information,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol., no., pp. 567, 572, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785398
Abstract: Mobile Ad-hoc Networks are increasingly deployed in military networks as well as special kinds of civil law enforcement and emergency operation domains. Compared to wired and other types of wireless networks, MANETs are particularly vulnerable to a wide range of attacks and require high security and privacy guarantees due to their critical mission. Research efforts have focused on developing secure routing protocols for MANETs but very little attention has been given to the data plane and the information we can extract about the actual communication links. Wireless networks that require high levels of security may use data path information to validate routing information. In this paper, we develop a scheme that allows us to track and validate mobile node connectivity in order to identify potential malicious behavior. We propose a novel algorithm to accomplish connectivity tracking based on a space-efficient Bloom filter data structure and the use of aggregate signatures. We present simulation results on a real network trace that show the effectiveness of our design.
Keywords: data structures; mobile ad hoc networks; routing protocols; telecommunication computing; telecommunication security; MANET; aggregate signatures; civil law enforcement; communication links; connectivity tracking; data path information; data plane; emergency operation domain; malicious behavior identification; military networks; mobile ad-hoc networks; mobile node connectivity; potential malicious behavior; privacy guarantee; real network trace; routing information; routing protocol security; security guarantee; space-efficient bloom filter data structure; wireless networks; Ad hoc networks; Arrays; Network topology; Peer-to-peer computing; Security; Topology (ID#: 15-6184)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6785398&isnumber=6785290

Abu Bakar, A.; Ghapar, A.A.; Ismail, R., “Access Control and Privacy in MANET Emergency Environment,” Computer and Information Sciences (ICCOINS), 2014 International Conference on, vol., no., pp. 1, 6, 3-5 June 2014. doi:10.1109/ICCOINS.2014.6868389
Abstract: Mobile ad hoc networks (MANETs) cultivate a new research trend in today's computing. With some unique features such as scalability, fault tolerant and autonomous system enable a network to be setup with or without any trusted authority. This makes MANET suitable for the emergency and rescue operations. During an emergency situation, there is a need for the data to be shared with the rescuers. However, there are some of the personal data cannot be shared to all rescuers. Thus, the privacy and security of data becomes a main concern here. This paper addresses these issues with a combination of access control mechanism and privacy policy to ensure that the privacy and security of personal data is protected accordingly.
Keywords: authorisation; data privacy; mobile ad hoc networks; telecommunication security; MANET emergency environment; access control; autonomous system; data privacy; mobile ad hoc network; security of data; trusted authority; Access control; Authentication; Data privacy; Hospitals; Mobile ad hoc networks; Privacy; Access Control; Emergency; MANET (ID#: 15-6185)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868389&isnumber=6868339

Liu Licai; Yin Lihua; Guo Yunchuan; Fang Bingxing, “Bargaining-Based Dynamic Decision for Cooperative Authentication in MANETs,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 212, 220, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.32
Abstract: In MANETs, cooperative authentication, requiring cooperation of neighbor nodes, is a significant authenticate technique. However, when nodes participate in cooperation, their location may easily be tracked by misbehaving nodes, meanwhile, their resources will be consumed. These two factors lead selfish nodes reluctant participate in cooperation and decrease the probability of correct authentication. To encourage nodes to take part in cooperation, we proposed a bargaining-based dynamic game model for cooperative authentication to analyze dynamic behaviors of nodes and help nodes decide whether to participate in cooperation or not. Further, to analyze the dynamic decision-making of nodes, we discussed two situations — complete information and incomplete information, respectively. Under complete information, Sub game Perfect Nash Equilibriums are obtained to guide nodes to choose its optimal strategy to maximize its utility. In reality, nodes often do not have good knowledge about others’ utility (this case is often called incomplete information). To dealt with this case, Perfect Bayesian Nash Equilibrium is established to eliminate the implausible Equilibriums. Based on the model, we designed two algorithms for complete information and incomplete information,, and the simulation results demonstrate that in our model nodes participating in cooperation will maximize their location privacy and minimize their resources consumption with ensuing the probability of correct authentication. Both of algorithms can improve the success rate of cooperative authentication and extend the network lifetime to 160%–360.6%.
Keywords: cooperative communication; decision making; game theory; message authentication; mobile ad hoc networks; probability; telecommunication security; MANET; bargaining-based dynamic decision; bargaining-based dynamic game model; cooperative authentication; dynamic decision-making; location privacy; mobile ad hoc networks; network lifetime; perfect Bayesian Nash equilibrium; resources consumption; subgame perfect Nash equilibriums; Ad hoc networks; Authentication; Games; Mobile computing; Principal component analysis; Privacy; Vehicle dynamics; Cooperative Authentication; Dynamic Game; Incentive Strategy (ID#: 15-6186)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011253&isnumber=7011202

Chongxian Guo; Huaqiang Xu; Lei Ju; Zhiping Jia; Jihai Xu, “A High-Performance Distributed Certificate Revocation Scheme for Mobile Ad Hoc Networks,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 156, 163, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.136
Abstract: Mobile ad hoc networks (MANETs) are wireless networks which have a wide range applications due to their dynamic topologies and easy to deployment. However, such networks are also more vulnerable to attacks compared with traditional wireless networks. Certificate revocation is an effective mechanism for providing network security services. Existing schemes are not well suited for MANETs because of incurring much overhead or bring low accuracy on certificate revocation. Therefore, we propose a high-performance distributed certificate revocation scheme in which certificates of malicious nodes will be revoked quickly and accurately. Certificate revocation is the result of the collaborative effect of multiple accusations. For diluting damages to networks, one accusation is enough to limit the accusation function of the accused node. To enhance the accuracy of certificate revocation, our scheme requires nodes just accepting those accusations in which trust levels of accuser nodes are not less than accused nodes’. To guarantee the rapidity, we restore accusation functions of the falsely accused nodes after revoking certificates of all malicious nodes who ever accused them. Moreover, we design one mechanism to reward nodes who ever accused those malicious nodes, and in return, accusations made by them will accelerate the certificate revocation processes of other malicious nodes. Simulation results demonstrate the effectiveness and efficiency of our scheme in certificate revocation. In addition, our scheme achieves a great improvement of just limiting accusation functions of malicious nodes.
Keywords: mobile ad hoc networks; telecommunication security; MANET; high-performance distributed certificate revocation scheme; malicious nodes; mobile ad hoc networks; Accuracy; Communication networks; Educational institutions; Mobile ad hoc networks; Mobile computing; Security; accusation function; certificate revocation; mobile ad hoc networks (MANETs); trust (ID#: 15-6187)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011246&isnumber=7011202

Hui Xia; Jia Yu; Zhi-Yong Zhang; Xiang-Guo Cheng; Zhen-Kuan Pan, “Trust-Enhanced Multicast Routing Protocol Based on Node’s Behavior Assessment for MANETs,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 473, 480, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.60
Abstract: A mobile ad hoc network (MANET) is a self-configuring network of mobile nodes connected by wireless links without fixed infrastructure, which is originally designed for a cooperative environment. However, MANETs are subjected to a variety of attacks by malicious nodes, in particular for attacks on the packet routing. Compared with traditional cryptosystem based security mechanisms, trust-enhanced routing protocol could provide a better quality of service. In this study, we abstract a basic decentralized effective trust inference model based on node’s behavior assessment, where each peer assigns a trust value for a set of peers of interest. In this model, we introduce the ‘voting’ mechanism to access the recommending experience (or ratings), in order to reduce the cost of the algorithm design and the system overhead. Then combined with this trust model, a novel trust-enhanced multicast routing protocol (TeMR) is proposed. This new protocol introduces the group-shared tree strategy, which establishes more efficient multicast routes since it uses ‘trust’ factor to improve the efficiency and robustness of the forwarding tree. Moreover, it provides a flexible and feasible approach in routing decision making with trust constraint and malicious node detection. Experiments have been conducted to evaluate the effectiveness of the proposed protocol.
Keywords: decision making; mobile ad hoc networks; multicast protocols; quality of service; radio links; routing protocols; MANET; cryptosystem; decision making; group-shared tree strategy; malicious node detection; malicious nodes; mobile ad hoc network; mobile nodes; packet routing; quality of service; trust constraint; trust inference model; trust-enhanced multicast routing protocol; wireless links; Ad hoc networks; Mobile computing; Monitoring; Peer-to-peer computing; Routing; Routing protocols; Ad Hoc Network; Malicious Node; Routing Decision Making; Trust Constraint; Trust Model; Trust-enhanced Multicast Routing (ID#: 15-6188)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011284&isnumber=7011202

Bijon, K.Z.; Haque, M.M.; Hasan, R., “A Trust Based Information Sharing Model (TRUISM) in MANET in the Presence of Uncertainty,” Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on, vol., no., pp. 347, 354, 23-24 July 2014. doi:10.1109/PST.2014.6890959
Abstract: In the absence of centralized trusted authorities (CTA), security is one of the foremost concern in Mobile Ad-hoc Networks (MANET) as the network is open to attacks and unreliability in the presence of malicious nodes (devices). With increasing demand of interactions among nodes, trust based information sharing needs more stringent rules to ensure security in this pervasive computing scenario. In this paper, we present a novel multi-hop recommendation based trust management scheme (TRUISM). We adapt famous Dempster-Shafer theory that can efficiently combine recommendations from multiple devices in the presence of unreliable and malicious recommendations. A novel recommendation-routing protocol named ‘buffering on-the-fly’ has been introduced to reduce the number of recommendation traffic by storing trust values in intermediate nodes. TRUISM also provides a flexible behavioral model for trust computation where a node can prioritize recommendations based on its requirements. Evaluation result shows that our model not only performs well in the presence of contradictory recommendations but also ensures a faster and scalable trust based information sharing by reducing the overall packet flow in the system.
Keywords: inference mechanisms; mobile ad hoc networks; trusted computing; ubiquitous computing; uncertainty handling; CTA; Dempster-Shafer theory; MANET; TRUISM model; buffering on-the-fly protocol; centralized trusted authorities; malicious nodes; mobile adhoc network; multihop recommendation based trust management scheme; pervasive computing; trust based Information sharing model; trust computation; trust values; Aging; Computational modeling; Information management; Mathematical model; Mobile ad hoc networks; Reliability; Security; Dempster-Shafer; MANET; Recommendation; Trust (ID#: 15-6189)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6890959&isnumber=6890911

Guo Yunchuan; Yin Lihua; Liu Licai; Fang Binxing, “Utility-Based Cooperative Decision in Cooperative Authentication,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 1006, 1014, April 27 2014–May 2 2014. doi:10.1109/INFOCOM.2014.6848030
Abstract: In mobile networks, cooperative authentication is an efficient way to recognize false identities and messages. However, an attacker can track the location of cooperative mobile nodes by monitoring their communications. Moreover, mobile nodes consume their own resources when cooperating with other nodes in the process of authentication. These two factors cause selfish mobile nodes not to actively participate in authentication. In this paper, a bargaining-based game for cooperative authentication is proposed to help nodes decide whether to participate in authentication or not, and our strategy guarantees that mobile nodes participating in cooperative authentication can obtain the maximum utility, all at an acceptable cost. We obtain Nash equilibrium in static complete information games. To address the problem of nodes not knowing the utility of other nodes, incomplete information games for cooperative authentication are established. We also develop an algorithm based on incomplete information games to maximize every node’s utility. The simulation results demonstrate that our strategy has the ability to guarantee authentication probability and increase the number of successful authentications.
Keywords: game theory; mobile ad hoc networks; probability; telecommunication security; MANET; Nash equilibrium; authentication probability; authentication process; cooperative authentication; cooperative mobile nodes; information games; mobile ad hoc network; mobile networks; mobile nodes; utility based cooperative decision; Bismuth; Computers; Conferences; High definition video; Human computer interaction; Cooperative authentication; games; location privacy (ID#: 15-6190)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6848030&isnumber=6847911

Bhati, B.S.; Venkataram, P., “Data Privacy Preserving Scheme in MANETs,” Internet Security (WorldCIS), 2014 World Congress on, vol., no., pp. 22, 23, 8-10 Dec. 2014. doi:10.1109/WorldCIS.2014.7028159
Abstract: Data privacy is one among the challenging issues in Mobile Adhoc NETworks (MANETs), which are deployed in hostile environments to transfer sensitive data through multi-hop routing. The undesired disclosure of data can result in breach of data privacy, and can be used in launching several attacks. Many of the works achieved data privacy by using approaches such as data transformation, data perturbation, etc. But, these approaches introduce high computational overheads and delays in a MANET. To minimize the computations in preserving data privacy, we have proposed a computational intelligence based data privacy scheme. In the scheme we use data anonymization approach, where rough set theory is used to determine the data attributes to be anonymized. Dynamically changing multiple routes are established between a sender and a receiver, by selecting more than one trusted 1-hop neighbor nodes for data transfer in each routing step. Anonymity of the receiver is also discussed. The work has been simulated in different network sizes with several data transfers. The results are quite encouraging.
Keywords: data privacy; mobile ad hoc networks; rough set theory; security of data; telecommunication network routing; telecommunication security; MANET; computation minimization; computational intelligence; computational overheads; data anonymization approach; data attributes; data perturbation; data privacy preserving scheme; data transfers; data transformation; delays; mobile adhoc networks; multihop routing; receiver anonymity; rough set theory; Artificial neural networks; Bandwidth; Batteries; Mobile ad hoc networks; Mobile computing; Anonymity; Data Attributes; Data Privacy; Mobile Adhoc Network; Rough Sets (ID#: 15-6191)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7028159&isnumber=7027983

Doumiati, S.; Al Choikani, T.; Artail, H., “LPS for LBS: Location-Privacy Scheme for Location-Based Services,” Computer Systems and Applications (AICCSA), 2014 IEEE/ACS 11th International Conference on, vol., no., pp.449, 456, 10-13 Nov. 2014. doi:10.1109/AICCSA.2014.7073233
Abstract: A Vehicular Ad-hoc Network (VANET) is a type of Mobile Ad-hoc Network (MANET) that is used to provide communications between nearby vehicles on a hand, and between vehicles and fixed infrastructure on the roadside on the other hand. VANET is not only used for road safety and driving comfort but also for infotainment. An application area which is expected to greatly benefit from this advanced technology is Location Based Service (LBS): a service which helps users in finding nearby places. However, this application raises a privacy issue for these users since it can profile them and track their physical location. Therefore, to successfully deploy LBS, user’s privacy is one of major challenges that must be addressed. In this paper, we propose a location privacy protection scheme to encourage drivers to use this service without any risk of being pursued. Our system was implemented using NS2 network simulator and found to achieve high values of anonymity.
Keywords: data privacy; mobility management (mobile radio); telecommunication security; vehicular ad hoc networks; LBS; LPS; MANET; NS2 network simulator; VANET; driving comfort; infotainment; location privacy protection scheme; location-based services; mobile ad-hoc network; physical location tracking; road safety; vehicular ad-hoc network; Privacy; Public key; Roads; Vehicles; Vehicular ad hoc networks; Location Based Service (LBS); Vehicular ad-hoc networks (VANET); anonymity; attacks; privacy (ID#: 15-6192)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7073233&isnumber=7073167
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

PKI Trust Models, 2014

 

	PKI Trust Models 2014

The Public Key Infrastructure (PKI) is designed to ensure the security of electronic transactions and the exchange of sensitive information through cryptographic keys and certificates. Several PKI trust models are proposed in the literature to model trust relationship and trust propagation. The research cited here looks at several of those models, particularly in the area of ad hoc networks. The research was presented in 2014.

---

Jain, A.; Khare, G.; Rajan, A.; Manjhi, N.; Pathy, D.; Rawat, A., “Implementation Issues and Challenges with PKI Infrastructure and Its Integration with In-House Developed IT Applications,” IT in Business, Industry and Government (CSIBIG), 2014 Conference on, vol., no., pp. 1, 5, 8-9 March 2014. doi:10.1109/CSIBIG.2014.7056939
Abstract: Rapid deployment of e-governance applications emphasis on need for security and authentication. Many emerging technologies are being developed to fulfil security requirements. The major concern in e-governance transactions is the need for replacement of hand-written signature with an `online' signature. Further, since web enabled applications are prone to various types of security breaches, the discussion on robust and authenticated e-governance transactions is incomplete without consideration of ‘security’ as a prominent aspect of ‘online signatures’. An e-signature may be considered as a type of electronic authentication which can be achieved by means of different types of technologies. Today there are wide range of technologies, products and solutions for securing the electronic infrastructure of any organization. The levels of security implemented should be commensurate with the level of complexity of the organizational data and applications in use. To operate critical web enabled applications, organizations need high-level, certificate-based security provided by a Public Key Infrastructure (PKI). PKI protects applications that demand the highest level of security, web services based business process automation, digital form signing and electronic commerce. PKI is a consistently evolving security process in government and ecommerce. It is the most appropriate security mechanism for securing data, identifying users, and establishing a chain of trust to secure electronic infrastructure. PKI integrates digital identities and signatures to present an end-to-end trust model. This paper discusses the issues and challenges associated with setting up in-house certifying authority and integrating PKI functionality into in-house developed IT applications in our organization.
Keywords: Web services; digital signatures; public key cryptography; PKI infrastructure; Web services based business process automation; digital form signing; e-governance applications; e-signature; electronic authentication; electronic commerce; hand-written signature; in-house developed IT applications; online signatures; public key infrastructure; security breaches; security requirements; web enabled applications; Authorization; Browsers; Cryptography; Databases; Organizations; Reliability; Servers; Digital Signature Certificate; Digital Signing; Oracle Certifying Authority; PKI; Workflow (ID#: 15-6154)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7056939&isnumber=7056912

Serna, J.; Morales, R.; Medina, M.; Luna, J., “Trustworthy Communications in Vehicular Ad Hoc NETworks,” Internet of Things (WF-IoT), 2014 IEEE World Forum on, vol., no., pp. 247, 252, 6-8 March 2014. doi:10.1109/WF-IoT.2014.6803167
Abstract: Vehicular Ad-Hoc NETworks (VANETs), a pillar for the Internet of Vehicles, aim to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of safety and infotainment applications, there remain a number of security and privacy challenges, such as, user profiling and vehicle tracking, which, must be addressed. This paper contributes with a framework to address security and privacy issues in VANETs. The proposed framework consists of i) an inter-domain authentication system able to provide a near realtime certificate status service, ii) a mechanism to quantitatively evaluate the trust level of a CA and establish a on-the-fly interoperability relationship, and iii) a privacy enhancing model that addresses privacy in terms of linkability.
Keywords: intelligent transportation systems; road safety; road vehicles; telecommunication security; trusted computing; vehicular ad hoc networks; Internet of vehicles; VANET; intelligent transportation systems; interdomain authentication system; road safety; traffic accidents; trustworthy communications; user profiling; vehicle tracking; vehicular ad hoc networks; Authentication; Internet; Privacy; Protocols; Vehicles; Vehicular ad hoc networks; Anonymity; PKI; Privacy; Security; VANETs (ID#: 15-6166)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6803167&isnumber=6803102

Wagan, A.A.; Low Tang Jung, “Security Framework for Low Latency VANET Applications,” Computer and Information Sciences (ICCOINS), 2014 International Conference on, vol., no., pp.1, 6, 3-5 June 2014. doi:10.1109/ICCOINS.2014.6868395
Abstract: Vehicular Ad hoc Network (VANET) is a communication network for vehicles on the highway. Presently, VANET technology is surrounded with security challenges and it is essentially important for VANET to successfully implement a security measure according to the safety applications requirements. Many academia researcher have suggested a various solutions to encounter security attacks and also proposed models to strengthen security characteristics. The current most suitable security scheme for VANET is an Elliptic Curve Digital Signature Algorithm (ECDSA). However ECDSA is associated with high computational cost, therefore it is considered an inappropriate approach for low latency safety applications. In this study, a security framework is proposed to solve above issues; a proposed framework utilizes both traditional cryptographic schemes; asymmetric PKI and symmetric respectively. The asymmetric cryptography scheme is used to securely exchange the key and authentication process and symmetric cryptography scheme is used for low latency safety application (especially time critical safety applications). The suggested framework is not only reduce the latency but also enhance the security cryptography characteristics by establishing trust between ongoing vehicles.
Keywords: digital signatures; public key cryptography; telecommunication security; vehicular ad hoc networks; ECDSA; VANET technology; asymmetric PKI; cryptographic schemes; elliptic curve digital signature algorithm; low latency VANET applications; public key infrastructure; safety application requirements; security attacks; security characteristics; security framework; security measure; symmetric PKI; vehicular ad hoc network; Cryptography; Protocols; Road transportation; Safety; Vehicles; Vehicular ad hoc networks; Asymmetric and Symmetric Cryptography; Latency; TPM; VANET (ID#: 15-6167)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868395&isnumber=6868339

Vilhan, P.; Hudec, L., “Cluster Glue — Improving Service Reachability in PKI Enabled MANET,” Computer Modelling and Simulation (UKSim), 2014 UKSim-AMSS 16th International Conference on, vol., no., pp. 494, 499, 26-28 March 2014. doi:10.1109/UKSim.2014.31
Abstract: This paper presents the revision of our concept to improve the public key infrastructure deploy ability and service reachability in the mobile ad-hoc networks routed by B.A.T.M.A.N. Advanced. We have extended the B.A.T.M.A.N. Advanced routing protocol with authentication and authorization of routing updates based on X.509 certificates. Furthermore we have determined several levels of node’s trust-worthiness and interoperability between trusted authorities in the network. To mitigate extra load caused by renewing of certificates, we have identified critical factors affecting it and designed the computation formula for optimal amount of cross certificates issued by trusted authority. To further improve the service reachablity in highly mobile networks in earlier stages of PKI deployment, we have designed the Cluster Glue. The Cluster Glue helps to connect groups of nodes from different parts of network which owns the certificates issued by the same authority. Thanks to these modifications we are able to mitigate various security risks and provide the more secure route for messages transmitting through the network. Preliminary results were verified by simulations.
Keywords: authorisation; mobile ad hoc networks; public key cryptography; routing protocols; telecommunication security; B.A.T.M.A.N. Advanced routing protocol; PKI enabled MANET; X.509 certificates; authentication; authorization; cluster glue; cross certificates; mobile ad hoc networks; public key infrastructure; security risks; service reachability; trusted authority; Mobile ad hoc networks; Mobile communication; Peer-to-peer computing; Routing; Routing protocols; Security; BAT-MAN; Cluster Glue; MANET; PKI; RSA; ad-hoc; public key infrastructure; routing; security (ID#: 15-6168)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7046116&isnumber=7045636

El Uahhabi, Z.; El Bakkali, H., “A Comparative Study of PKI Trust Models,” Next Generation Networks and Services (NGNS), 2014 Fifth International Conference on, vol., no., pp. 255, 261, 28-30 May 2014. doi:10.1109/NGNS.2014.6990261
Abstract: Public Key Infrastructure (PKI) is a security technology designed to ensure the security of electronic transactions and the exchange of sensitive information through cryptographic keys and certificates. Several PKI trust models are proposed in the literature to model trust relationship and trust propagation. In this paper, we present different PKI trust models architectures. We then analyze and compare some proposed PKI trust models for e-services applications.
Keywords: Internet; computer network security; electronic data interchange; public key cryptography; trusted computing; Internet security; PKI trust model; cryptographic key; e-services application; electronic transaction security; information exchange security; public key infrastructure; trust propagation; Adaptation models; Analytical models; Bridges; Certification; Privacy; Public key; PKI; e-health; e-services; trust model (ID#: 15-6169)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6990261&isnumber=6990210

Binod Vaidya, Dimitrios Makrakis, Hussein Mouftah; “Effective Public Key Infrastructure for Vehicle-to-Grid Network,” DIVANet ’14, Proceedings of the Fourth ACM International Symposium on Development and Analysis of Intelligent Vehicular Networks and Applications, September 2014, Pages 95-101. doi:10.1145/2656346.2656348
Abstract: A growth of electric vehicle (EV) technologies likely leads a fundamental shift not only in transportation sector but also in the existing electric power grid infrastructure. In Smart grid infrastructure, vehicle-to-grid (V2G) network can be formed such that participating EVs can be used to store energy and supply this energy back to the power grid when required. To realize proper deployment of V2G network, charging infrastructure having various entities such as charging facility, clearinghouse, and energy provider has to be constructed. So use of Public key infrastructure (PKI) is indispensable for provisioning security solution in V2G network. The ISO/IEC 15118 standard is ascribed that incorporates X.509 PKI solution for V2G network. However, as traditional X.509 based PKI for V2G network has several shortcomings, we have proposed an effectual PKI for a V2G network that is built on based on elliptic curve cryptography and self-certified public key technique having implicit certificate to reduce certificate size and certificate verification time. We show that the proposed solution outperforms the existing solution.
Keywords: ECC, ISO/IEC 15118, PKI, X.509, implicit certificate, smart grid, vehicle-to-grid network (ID#: 15-6170)
URL:  http://doi.acm.org/10.1145/2656346.2656348

Jingwei Huang, David M. Nicol; “Evidence-Based Trust Reasoning,” HotSoS ’14, Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 17. doi:10.1145/2600176.2600193
Abstract: Trust is a necessary component in cybersecurity. It is a common task for a system to make a decision about whether or not to trust the credential of an entity from another domain, issued by a third party. Generally, in the cyberspace, connected and interacting systems largely rely on each other with respect to security, privacy, and performance. In their interactions, one entity or system needs to trust others, and this “trust” frequently becomes a vulnerability of that system. Aiming at mitigating the vulnerability, we are developing a computational theory of trust, as a part of our efforts towards Science of Security. Previously, we developed a formal-semantics-based calculus of trust [3, 2], in which trust can be calculated based on a trustor’s direct observation on the performance of the trustee, or based on a trust network. In this paper, we construct a framework for making trust reasoning based on the observed evidence. We take privacy in cloud computing as a driving application case [5].
Keywords: evidence-based trust, privacy, trust model (ID#: 15-6171)
URL:  http://doi.acm.org/10.1145/2600176.2600193

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Kevin R.B. Butler; “Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale,” IMC ’14, Proceedings of the 2014 Conference on Internet Measurement Conference, November 2014, Pages 503-510. doi:10.1145/2663716.2663759
Abstract: The certificate authority (CA) PKI system has been used for decades as a means of providing domain identity verification services throughout the Internet, but a growing body of evidence suggests that our trust in this system is misplaced. A recently proposed CA alternative, Convergence, extends the Network Perspectives system of multi-path probing to perform certificate verification. Unfortunately, adoption of Convergence and other SSL/TLS trust enhancements has been slow, in part because it is unknown how these systems perform against large workloads and realistic conditions. In this work we ask the question “What if all certificates were validated with Convergence?” We perform a case study of deploying Convergence under realistic workloads with a university-wide trace of real-world HTTPS activity. By synthesizing Convergence requests, we effectively force perspectives-based verification on an entire university in simulation. We demonstrate that through local and server caching, a single Convergence deployment can meet the requirements of millions of SSL flows while imposing under 0.1% network overhead and requiring as little as 108 ms to validate a certificate, making Convergence a worthwhile candidate for further deployment and adoption.
Keywords: https, public-key certificates, ssl, tls (ID#: 15-6172)
URL:  http://doi.acm.org/10.1145/2663716.2663759

David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski; “ARPKI: Attack Resilient Public-Key Infrastructure,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 382-393. doi:10.1145/2660267.2660298
Abstract: We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We present a proof-of-concept implementation providing all features required for deployment. ARPKI efficiently handles the certification process with low overhead and without incurring additional latency to TLS. ARPKI offers extremely strong security guarantees, where compromising n-1 trusted signing and verifying entities is insufficient to launch an impersonation attack. Moreover, it deters misbehavior as all its operations are publicly visible.
Keywords: attack resilience, certificate validation, formal validation, public log servers, public-key infrastructure, tls, TLS (ID#: 15-6173)
URL: http://doi.acm.org/10.1145/2660267.2660298

Pawel Szalachowski, Stephanos Matsumoto, Adrian Perrig; “PoliCert: Secure and Flexible TLS Certificate Management,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 406-417. doi:10.1145/2660267.2660355
Abstract: The recently proposed concept of publicly verifiable logs is a promising approach for mitigating security issues and threats of the current Public-Key Infrastructure (PKI). Although much progress has been made towards a more secure infrastructure, the currently proposed approaches still suffer from security vulnerabilities, inefficiency, or incremental deployment challenges. In this paper we propose PoliCert, a comprehensive log-based and domain-oriented architecture that enhances the security of PKI by offering: a) stronger authentication of a domain’s public keys, b) comprehensive and clean mechanisms for certificate management, and c) an incentivised incremental deployment plan. Surprisingly, our approach has proved fruitful in addressing other seemingly unrelated problems such as TLS-related error handling and client/server misconfiguration.
Keywords: certificate validation, public log servers, public-key certificate, public-key infrastructure, security policy, ssl, tls, TLS (ID#: 15-6174)
URL: http://doi.acm.org/10.1145/2660267.2660355

Qingji Zheng, Wei Zhu, Jiafeng Zhu, Xinwen Zhang; “Improved Anonymous Proxy Re-Encryption with CCA Security,” ASIA CCS ’14, Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, June 2014, Pages 249-258.  doi:10.1145/2590296.2590322
Abstract: Outsourcing private data and heavy computation tasks to the cloud may lead to privacy breach as attackers (e.g., malicious outsiders or cloud administrators) may correlate any relevant information to penetrate information of their interests. Therefore, how to preserve cloud users’ privacy has been a top concern when adopting cloud solutions. In this paper, we investigate the identity privacy problem for the proxy re-encryption, which allows any third party (e.g., cloud) to re-encrypt ciphertexts in order to delegate the decryption right from one to another user. The relevant identity information, e.g., whose ciphertext was re-encrypted to the ciphertext under whose public key, may leak because re-encryption keys and ciphertexts (before and after re-encryption) are known to the third party. We review prior anonymity (identity privacy) notions, and find that these notions are either impractical or too weak. To address this problem thoroughly, we rigorously define the anonymity notion that not only embraces the prior anonymity notions but also captures the necessary anonymity requirement for practical applications. In addition, we propose a new and efficient proxy re-encryption scheme. The scheme satisfies the proposed anonymity notion under the Squared Decisional Bilinear Diffie-Hellman assumption and achieves security against chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. To the best of our knowledge, it is the first proxy re-encryption scheme attaining both chosen-ciphertext security and anonymity simultaneously. We implement a prototype based on the proposed proxy re-encryption scheme and the performance study shows that it is efficient.
Keywords: anonymity, chosen-ciphertext security, outsourced computation, proxy re-encryption (ID#: 15-6175)
URL: http://doi.acm.org/10.1145/2590296.2590322

Haya Shulman; “Pretty Bad Privacy: Pitfalls of DNS Encryption,” WPES ’14, Proceedings of the 13th Workshop on Privacy in the Electronic Society, November 2014, Pages 191-200. doi:10.1145/2665943.2665959
Abstract: As awareness for privacy of Domain Name System (DNS) is increasing, a number of mechanisms for encryption of DNS packets were proposed. We study the prominent defences, focusing on the privacy guarantees, interoperability with the DNS infrastructure, and the efficiency overhead. In particular: We explore dependencies in DNS and show techniques that utilise side channel leaks, due to transitive trust, allowing to infer information about the target domain in an encrypted DNS packet.  We examine common DNS servers configurations and show that the proposals are expected to encounter deployment obstacles with (at least) 38% of 50K-top Alexa domains and (at least) 12% of the top-level domains (TLDs), and will disrupt the DNS functionality and availability for clients. We show that due to the non-interoperability with the caches, the proposals for end-to-end encryption may have a prohibitive traffic overhead on the name servers. Our work indicates that further study may be required to adjust the proposals to stand up to their security guarantees, and to make them suitable for the common servers’ configurations in the DNS infrastructure. Our study is based on collection and analysis of the DNS traffic of 50K-top Alexa domains and 568 TLDs.
Keywords: dns, dns caching, dns encryption, dns infrastructure, dns privacy, dns security, side channel attacks, transitive trust dependencies (ID#: 15-6176)
URL:  http://doi.acm.org/10.1145/2665943.2665959

Ethan Heilman, Danny Cooper, Leonid Reyzin, Sharon Goldberg; “From the Consent of the Routed: Improving the Transparency of the RPKI,” SIGCOMM ’14, Proceedings of the 2014 ACM Conference on SIGCOMM, August 2014, Pages 51-62. doi:10.1145/2619239.2626293
Abstract: The Resource Public Key Infrastructure (RPKI) is a new infrastructure that prevents some of the most devastating attacks on interdomain routing. However, the security benefits provided by the RPKI are accomplished via an architecture that empowers centralized authorities to unilaterally revoke any IP prefixes under their control. We propose mechanisms to improve the transparency of the RPKI, in order to mitigate the risk that it will be used for IP address takedowns. First, we present tools that detect and visualize changes to the RPKI that can potentially take down an IP prefix. We use our tools to identify errors and revocations in the production RPKI. Next, we propose modifications to the RPKI's architecture to (1) require any revocation of IP address space to receive consent from all impacted parties, and (2) detect when misbehaving authorities fail to obtain consent. We present a security analysis of our architecture, and estimate its overhead using data-driven analysis.
Keywords: RPKI, public key infrastructures, security, transparency (ID#: 15-6177)
URL:  http://doi.acm.org/10.1145/2619239.2626293

Tiffany Hyun-Jin Kim, Cristina Basescu, Limin Jia, Soo Bum Lee, Yih-Chun Hu, Adrian Perrig; “Lightweight Source Authentication and Path Validation,” SIGCOMM ’14, Proceedings of the 2014 ACM Conference on SIGCOMM, August 2014, Pages 271-282. doi:10.1145/2619239.2626323
Abstract: In-network source authentication and path validation are fundamental primitives to construct higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important security concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. Our prototype implementation demonstrates the efficiency and scalability of the protocols, especially for software-based implementations.
Keywords: path validation, retroactive key setup, source authentication (ID#: 15-6178)
URL: http://doi.acm.org/10.1145/2619239.2626323

Julian Horsch, Konstantin Böttinger, Michael Weiß, Sascha Wessel, Frederic Stumpf; “TrustID: Trustworthy Identities for Untrusted Mobile Devices,” CODASPY ’14, Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, March 2014, Pages 281-288. doi:10.1145/2557547.2557593
Abstract: Identity theft has deep impacts in today's mobile ubiquitous environments. At the same time, digital identities are usually still protected by simple passwords or other insufficient security mechanisms. In this paper, we present the TrustID architecture and protocols to improve this situation. Our architecture utilizes a Secure Element (SE) to store multiple context-specific identities securely in a mobile device, e.g., a smartphone. We introduce protocols for securely deriving identities from a strong root identity into the SE inside the smartphone as well as for using the newly derived IDs. Both protocols do not require a trustworthy smartphone operating system or a Trusted Execution Environment. In order to achieve this, our concept includes a secure combined PIN entry mechanism for user authentication, which prevents attacks even on a malicious device. To show the feasibility of our approach, we implemented a prototype running on a Samsung Galaxy SIII smartphone utilizing a microSD card SE. The German identity card nPA is used as root identity to derive context-specific identities.
Keywords: android, combined pin entry, identity derivation, identity provider, mobile security, npa, secure element, smartphone (ID#: 15-6179)
URL: http://doi.acm.org/10.1145/2557547.2557593
 

Teklemariam Tsegay Tesfay, Jean-Pierre Hubaux, Jean-Yves Le Boudec, Philippe Oechslin; “Cyber-Secure Communication Architecture for Active Power Distribution Networks,” SAC ’14, Proceedings of the 29th Annual ACM Symposium on Applied Computing, March 2014, Pages 545-552.  doi:10.1145/2554850.2555082
Abstract: Active power distribution networks require sophisticated monitoring and control strategies for efficient energy management and automatic adaptive reconfiguration of the power infrastructure. Such requirements are realised by deploying a large number of various electronic automation and communication field devices, such as Phasor Measurement Units (PMUs) or Intelligent Electronic Devices (IEDs), and a reliable two-way communication infrastructure that facilitates transfer of sensor data and control signals. In this paper, we perform a detailed threat analysis in a typical active distribution network’s automation system. We also propose mechanisms by which we can design a secure and reliable communication network for an active distribution network that is resilient to insider and outsider malicious attacks, natural disasters, and other unintended failure. The proposed security solution also guarantees that an attacker is not able to install a rogue field device by exploiting an emergency situation during islanding.
Keywords: PKI, active distribution network, authentication, islanding, smart grid, smart grid security, unauthorised access (ID#: 15-6180)
URL: http://doi.acm.org/10.1145/2554850.2555082

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Router System Security, 2014

 

	Router System Security 2014

Routers are among the most ubiquitous electronic devices in use. Basic security from protocols and encryption can be readily achieved, but routing has many leaks. The articles cited here look at route leaks, stack protection, and mobile platforms using Tor, iOS, and Android OS, among other topics. They were published in 2014.

---

Siddiqui, M.S.; Montero, D.; Yannuzzi, M.; Serral-Gracia, R.; Masip-Bruin, X., “Diagnosis of Route Leaks Among Autonomous Systems in the Internet,” Smart Communications in Network Technologies (SaCoNeT), 2014 International Conference on, vol., no., pp. 1, 6, 18-20 June 2014. doi:10.1109/SaCoNeT.2014.6867765
Abstract: Border Gateway Protocol (BGP) is the defacto inter-domain routing protocol in the Internet. It was designed without an inherent security mechanism and hence is prone to a number of vulnerabilities which can cause large scale disruption in the Internet. Route leak is one such inter-domain routing security problem which has the potential to cause wide-scale Internet service failure. Route leaks occur when Autonomous systems violate export policies while exporting routes. As BGP security has been an active research area for over a decade now, several security strategies were proposed, some of which either advocated complete replacement of the BGP or addition of new features in BGP, but they failed to achieve global acceptance. Even the most recent effort in this regard, lead by the Secure Inter-Domain Routing (SIDR) working group (WG) of IETF fails to counter all the BGP anomalies, especially route leaks. In this paper we look at the efforts in countering the policy related BGP problems and provide an analytical insights into why they are ineffective. We contend a new direction for future research in managing the broader security issues in the inter-domain routing. In that light, we propose a naive approach for countering the route leak problem by analyzing the information available at hand, such as the RIB of the router. The main purpose of this paper was to position and highlight the autonomous smart analytical approach for tackling policy related BGP security issues.
Keywords: Internet; computer network security; routing protocols; BGP security issue; IETF; Internet autonomous systems; Secure InterDomain Routing working group; border gateway protocol; interdomain routing protocol; interdomain routing security problem; route leak diagnosis; security issues; IP networks; Radiation detectors; Routing; Routing protocols; Security (ID#: 15-6675)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6867765&isnumber=6867755

 

Peng Wu; Wolf, T., “Stack Protection in Packet Processing Systems,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol., no., pp. 53, 57, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785304
Abstract: Network security is a critical aspect of Internet operations. Most network security research has focused on protecting end-systems from hacking and denial-of-service attacks. In our work, we address hacking attacks on the network infrastructure itself. In particular, we explore data plane stack smashing attacks that have demonstrated successfully on network processor systems. We explore their use in the context of software routers that are implemented on top of general-purpose processor and operating systems. We discuss how such attacks can be adapted to these router systems and how stack protection mechanisms can be used as defense. We show experimental results that demonstrate the effectiveness of these stack protection mechanisms.
Keywords: Internet; computer crime; computer network security; general purpose computers; operating systems (computers); packet switching; telecommunication network routing Internet; computer network security; denial of service attacks; end systems protection; general purpose processor; hacking attacks; network infrastructure; network processor systems; operating systems; packet processing system; router systems; smashing attacks; software routers; stack protection mechanism; Computer architecture; Information security; Linux; Operating systems; Protocols; attack; defense; network security; stack smashing (ID#: 15-6676)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6785304&isnumber=6785290

Frantti, T.; Röning, J., “A Risk-Driven Security Analysis for a Bluetooth Low Energy Based Microdata Ecosystem,” Ubiquitous and Future Networks (ICUFN), 2014 Sixth International Conf on, vol., no., pp. 69, 74, 8-11 July 2014. doi:10.1109/ICUFN.2014.6876753
Abstract: This paper presents security requirements, risk survey, security objectives, and security controls of the Bluetooth Low Energy (BLE) based Catcher devices and the related Microdata Ecosystem of Ceruus company for a secure, energy efficient and scalable wireless content distribution. The system architecture was composed of the Mobile Cellular Network (MCN) based gateway/edge router device, such as Smart Phone, Catchers, and web based application servers. It was assumed that MCN based gateways communicate with application servers and surrounding Catcher devices. The analysis of the scenarios developed highlighted common aspects and led to security requirements, objectives, and controls that were used to define and develop the Catcher and MCN based router devices and guide the system architecture design of the Microdata Ecosystem.
Keywords: Bluetooth; cellular radio; computer network security; network servers; telecommunication network routing; BLE based catcher devices; Bluetooth low energy based microdata ecosystem; Ceruus company; MCN based gateway-edge router device; application servers; energy efficient wireless content distribution; mobile cellular network; risk-driven security analysis; wireless content distribution scalability; wireless content distribution security; Authentication; Ecosystems; Encryption; Logic gates; Protocols; Servers; Internet of Things; authentication; authorization; confidentiality; integrity; security; timeliness (ID#: 15-6677)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6876753&isnumber=6876727

Wang Ming-Hao, “The Security Analysis and Attacks Detection of OSPF Routing Protocol,” Intelligent Computation Technology and Automation (ICICTA), 2014 7th International Conference on, vol., no., pp. 836, 839, 25-26 Oct. 2014. doi:10.1109/ICICTA.2014.200
Abstract: The widespread use of the Internet proposes great challenges for information security. Routing protocols are used to distribute network topology information among routers. Routers find the best route according to the topology information, and realize the network data forwarding. Without correct router information, the network packet transmission is inefficient or incorrect, which may even cause network paralyzed. Therefore, secure routing protocol is an import factor to ensure network security. This paper emphasizes the security of OSPF routing protocol. We firstly outline the background of OSPF technology, and present the OSPF security analysis, including authentication mechanism, reliable flooding mechanism and hierarchical routing mechanism. Then the vulnerabilities of OSPF and protecting methods are introduced. In addition, we propose the attacks detection system of OSPF routing protocol from the perspective of the OSPF security, in order to detect attacks without affecting the network operation. Lastly, future research on OSPF routing protocol are concluded.
Keywords: Internet; cryptographic protocols; routing protocols; telecommunication network topology; telecommunication security; Internet; OSPF routing protocol; OSPF technology; attacks detection system; authentication mechanism; flooding mechanism; hierarchical routing mechanism; information security; secure routing protocol; security analysis; topology information; Authentication; Cryptography; Floods; Routing; Routing protocols; Data Packet; Key; Link-state; OSPF; Routing Protocol (ID#: 15-6678)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7003663&isnumber=7003462

Ben Hadjy Youssef, N.; El Hadj Youssef, W.; Machhout, M.; Tourki, R.; Torki, K., “Instruction Set Extensions of AES Algorithms for 32-Bit Processors,” Security Technology (ICCST), 2014 International Carnahan Conference on, vol., no., pp. 1, 5, 13-16 Oct. 2014. doi:10.1109/CCST.2014.6986988
Abstract: Embedded processors are an integral part of many communications devices such as mobile phones, secure access to private networks, electronic commerce and smart cards. However, such devices often provide critical functions that could be sabotaged by malicious entities. The supply of security for data exchange on basis of embedded systems is a very important objection to accomplish. This paper focuses on instruction set extensions of symmetric key algorithm. The main contribution of this work is the extension of SPARC V8 LEON2 processor core with cryptographic Instruction Set Extensions. The proposed cryptographic algorithm is Advanced Encryption Standard (AES). Our customized instructions offer a cryptographic solution for embedded devices, in order to ensure communications security. Furthermore, as embedded systems are extremely resource constrained devices in terms of computing capabilities, power and memory area; these technological challenges are respected. Our extended LEON2 SPARC V8 core with cryptographic ISE is implemented using Xilinx XC5VFX70t FPGA device and an ASIC CMOS 40 nm technology. The total area of the resulting Chip is about 0.28 mm² and can achieve an operating frequency of 3.33 GHz. The estimated power consumption of the chip was 13.3 mW at 10 MHz. Hardware cost and power consumption evaluation are provided for different clock frequencies, the achieved results show that our circuit is able to be arranged in many security domains such as embedded services routers, real-time multimedia applications and smartcard.
Keywords: CMOS logic circuits; application specific integrated circuits; cryptography; electronic data interchange; embedded systems; field programmable gate arrays; instruction sets; microprocessor chips; 32-bit processors; AES algorithms; ASIC CMOS technology; SPARC V8 LEON2 processor core; Xilinx XC5VFX70t FPGA device; communication devices; cryptographic ISE; cryptographic instruction set extension; data exchange security; embedded devices; embedded processors; embedded services routers; malicious entities; operating frequency; power consumption evaluation; real-time multimedia applications; resource constrained devices; size 40 nm; smartcard; symmetric key algorithm; word length 32 bit; Encryption; Field programmable gate arrays; Hardware; Program processors; Registers; Standards; AES; Embedded processor; FPGA and ASIC implementation; LEON2; decryption; encryption (ID#: 15-6679)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6986988&isnumber=6986962

Owezarski, P., “Unsupervised Classification and Characterization of Honeypot Attacks,” Network and Service Management (CNSM), 2014 10th International Conference on, vol., no., pp. 10, 18, 17-21 Nov. 2014. doi:10.1109/CNSM.2014.7014136
Abstract: Monitoring communication networks and their traffic is of essential importance for estimating the risk in the Internet, and therefore designing suited protection systems for computer networks. Network and traffic analysis can be done thanks to measurement devices or honeypots. However, analyzing the huge amount of gathered data, and characterizing the anomalies and attacks contained in these traces remain complex and time consuming tasks, done by network and security experts using poorly automatized tools, and are consequently slow and costly. In this paper, we present an unsupervised method for classification and characterization of security related anomalies and attacks occurring in honeypots. This as automatized as possible method does not need any attack signature database, learning phase, or labeled traffic. This corresponds to a major step towards autonomous security systems. This paper also shows how it is possible from anomalies characterization results to infer filtering rules that could serve for automatically configuring network routers, switches or firewalls.
Keywords: computer network security; pattern classification; telecommunication network routing; telecommunication traffic; unsupervised learning; Internet; autonomous security systems; communication network monitoring; computer network protection systems; firewalls; honeypot attacks; network routers; switches; traffic analysis; unsupervised anomaly characterization; Algorithm design and analysis; Clustering algorithms; Correlation; IP networks; Internet; Partitioning algorithms; Security; Anomaly classification; Honeypot attack detection (ID#: 15-6680)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7014136&isnumber=7014126

Tsikoudis, N.; Papadogiannakis, A.; Markatos, E.P., “LEoNIDS: a Low-latency and Energy-efficient Network-level Intrusion Detection System,” Emerging Topics in Computing, IEEE Transactions on, vol., no. 99, pp.1,1, 05 December 2014. doi:10.1109/TETC.2014.2369958
Abstract: Over the past decade, design and implementation of low-power systems has received significant attention. Started with data centers and battery-operated mobile devices, it has recently branched to core network devices such as routers. However, this emerging need for low-power system design has not been studied for security systems, which are becoming increasingly important today. Towards this direction, we aim to reduce the power consumption of Network-level Intrusion Detection Systems (NIDS), which are used to improve the secure operation of modern computer networks. Unfortunately, traditional approaches to low-power system design, such as frequency scaling lead to a disproportionate increase in packet processing and queuing times. In this work, we show that this increase has a negative impact on the detection latency and impedes a timely reaction. To address this issue, we present LEoNIDS: an architecture that resolves the energy-latency tradeoff by providing both low power consumption and low detection latency at the same time. The key idea is to identify the packets that are more likely to carry an attack and give them higher priority so as to achieve low attack detection latency. Our results indicate that LEoNIDS consumes comparable power to a state-of-the-art low-power design, while, at the same time, achieving up to an order of magnitude faster attack detection.
Keywords: Computer architecture; Delays; Mobile handsets; Power demand; Program processors; Security; Time-frequency analysis; Energy-Efficient Systems; Intrusion Detection Systems; Low Latency; Low-Power design; Multi-Core Packet Processing; Network Security; Performance (ID#: 15-6681)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6977945&isnumber=6558478

Renukuntla, S.S.B.; Rawat, S., “Optimization of Excerpt Query Process for Packet Attribution System,” Information Assurance and Security (IAS), 2014 10th International Conference on, vol., no., pp. 41, 46, 28-30 Nov. 2014. doi:10.1109/ISIAS.2014.7064618
Abstract: Internet and its applications have increased to an enormous extent in the past decade. As the usage increased, it has also exposed its users to various security threats. Network forensic techniques can be used to traceback the source and the path of an attack that can be used as a legal evidence in a court of law. Packet attribution techniques like Source Path Isolation (SPIE), Block Bloom Filter (BBF), and Hierarchical Bloom Filter (HBF) are proposed to store the packet data into the bloom filters at each router present in the network. All the routers in the Autonomous System (AS) are queried for presence of excerpt in their bloom filters to traceback source and path of attack. Upon receiving the excerpt query, each router search their bloom filters for presence of excerpt and send the result to NMS. NMS receives the response from routers and determines the traceback path from victim to source of attack. In this process, all the routers are engaged in searching the bloom filters, causing possible delay in performing actual routing tasks. This degrades network performance and may adversely affect QoS of network. To address potential performance issues, in this paper, we propose query optimization techniques, reducing the number of routers to be searched to a great extent, without adversely affecting storage and processing requirements as compared to existing attribution methods.
Keywords: Internet; computer network security; data structures; digital forensics; optimisation; quality of service; query processing; telecommunication network routing; AS; Internet security; NMS; QoS; autonomous system; bloom filters; excerpt query process optimization; network forensic technique; packet attribution system; packet data store; routing task; source traceback; Hafnium; IP networks; Excerpt Query; Hash-based traceback; Packet Attribution System; Payload Attribution System (ID#: 15-6682)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7064618&isnumber=7064614

Tennekoon, R.; Wijekoon, J.; Harahap, E.; Nishi, H.; Saito, E.; Katsura, S., “Per Hop Data Encryption Protocol for Transmission of Motion Control Data over Public Networks,” Advanced Motion Control (AMC), 2014 IEEE 13th International Workshop on, vol., no., pp. 128, 133, 14-16 March 2014. doi:10.1109/AMC.2014.6823269
Abstract: Bilateral controllers are widely used vital technology to perform remote operations and telesurgeries. The nature of the bilateral controller enables control objects, which are geographically far from the operation location. Therefore, the control data has to travel through public networks. As a result, to maintain the effectiveness and the consistency of applications such as teleoperations and telesurgeries, faster data delivery and data integrity are essential. The Service-oriented Router (SoR) was introduced to maintain the rich information on the Internet and to achieve maximum benefit from networks. In particular, the security, privacy and integrity of bilateral communication are not discoursed in spite of its significance brought by its underlying skill information or personal vital information. An SoR can analyze all packet or network stream transactions on its interfaces and store them in high throughput databases. In this paper, we introduce a hop-by-hop routing protocol which provides hop-by-hop data encryption using functions of the SoR. This infrastructure can provide security, privacy and integrity by using these functions. Furthermore, we present the implementations of proposed system in the ns-3 simulator and the test result shows that in a given scenario, the protocol only takes a processing delay of 46.32 μs for the encryption and decryption processes per a packet.
Keywords: Internet; computer network security; control engineering computing; cryptographic protocols; data communication; data integrity; data privacy; force control; medical robotics; motion control; position control; routing protocols; surgery; telecontrol; telemedicine; telerobotics; SoR; bilateral communication; bilateral controller; control objects; data delivery; decryption process; hop-by-hop data encryption; hop-by-hop routing protocol; motion control data transmission; network stream transaction analysis; ns-3 simulator; operation location; packet analysis; per hop data encryption protocol; personal vital information; privacy; processing delay; public network; remote operation; security; service-oriented router; skill information; teleoperation; telesurgery; throughput database; Delays; Encryption; Haptic interfaces; Routing protocols; Surgery; Bilateral Controllers; Service-oriented Router; hop-by-hop routing; motion control over networks; ns-3 (ID#: 15-6683)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6823269&isnumber=6823244

Jin Hai; Wang Hai-Lan, “Research of the Router Scheme for Virtual Storage,” Intelligent Computation Technology and Automation (ICICTA), 2014 7th International Conference on, vol., no., pp. 484, 487, 25-26 Oct. 2014. doi:10.1109/ICICTA.2014.123
Abstract: With the development of storage technology, the increase of the storage quantity and diverse forms, virtual storage has become a most adaptable technology in the current environment. It helps users to provide interactive procedure in the heterogeneous environment, maintain the operating system continuity, simplify the storage management complexity and reduce the storage cost. Virtual storage is to centralized manage multiple storage devices and provide large capacity, high data transmission performance for users. It can be realized in three levels: virtual storage based on hosts, networks and storage devices. Virtual storage based on networks can be further divided into virtualization based on net devices, switches and routers. This paper focus on the router scheme in for virtual storage, which has higher performance and better security compared with other method. Virtualization based on routers is to integrate virtual modules into the routers, giving storage routers in the network have both exchange functions of the switches and protocol conversion functions of the routers. It makes full use of the current storage resources and protecting user investment, and also allows users in the Ethernet connect to the virtual storage pool, which can use different protocol channels at the same time. As the focus study at present, virtual storage can be used in several fields, such as data mirroring, data replication, tapes backup enhancement devices, real-time duplication, real-time data recovery and application integration.
Keywords: data communication; local area networks; protocols; virtual storage; virtualisation; Ethernet; multiple storage devices; protocol channels; protocol conversion functions; storage cost reduction; storage management complexity; storage resources; storage router scheme; switches conversion functions; virtual storage; virtualization; Operating systems; Routing protocols; Servers; Storage area networks; Storage management; Virtualization; Data Storage; Router Scheme; Storage Devices; Storage Management; Virtual Storage (ID#: 15-6684)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7003586&isnumber=7003462

Ahmed, A.S.; Hassan, R.; Othman, N.E., “Security Threats for IPv6 Transition Strategies: A Review,” Engineering Technology and Technopreneuship (ICE2T), 2014 4th International Conference on, vol., no., pp. 83, 88, 27-29 Aug. 2014. doi:10.1109/ICE2T.2014.7006224
Abstract: There is a growing perception among communications experts that IPv6 and its associated protocols is set to soon replace the current IP version. This is somewhat interesting given that general adoption of IPv6 has been slow. Perhaps this can be explained by the short-term fixes to IPv4 address including classless addressing and NAT. Because of these short-term solutions in addition that IPv4 is not capable to manage the growth of information systems, particularly the growth of internet technologies and services including cloud computing, mobile IP, IP telephony, and IP-capable mobile telephony, all of which necessitate the use of IPv6. There is however a realization that the transformation must be gradual and properly guided and managed. To this end, the Internet Engineering Task Force (IETF) was formed to assist in the transition from IPv4 to IPv6 Dual Stack, Header Translation and Tunneling. The mechanisms employed in this transition consist of changes to protocol mechanisms affecting hosts and routers, addressing and deployment, that are designed to avoid mishap and facilitate a smooth transition from IPv4 to IPv6. Given the inevitability of adopting IPv6, this paper focuses on a detailed examination of the transition techniques and its associated benefits and possible shortcomings. Furthermore, the security threats for each transition technique are overviewed.
Keywords: Internet; information systems; security of data; transport protocols; IETF; IP-capable mobile telephony; IPv4; IPv6 transition strategy; Internet engineering task force; NAT; classless addressing; cloud computing; dual stack; header translation; information system; internet technology; mobile IP; protocol mechanism; security threat; tunneling; Encapsulation; Firewalls (computing); IP networks; Internet; Protocols; Dual Stack; IPv4; IPv6; Translation; Tunneling (ID#: 15-6685)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7006224&isnumber=7006204

Guneysu, T.; Regazzoni, F.; Sasdrich, P.; Wojcik, M., “THOR — The Hardware Onion Router,” Field Programmable Logic and Applications (FPL), 2014 24th International Conference on, vol., no., pp. 1, 4, 2-4 Sept. 2014. doi:10.1109/FPL.2014.6927408
Abstract: Security and privacy of data traversing internet have always been a major concern for all users. In this context, The Onion Routing (Tor) is the most successful protocol to anonymize global Internet traffic and is widely deployed as software on many personal computers or servers. In this paper, we explore the potential of modern reconfigurable devices to efficiently realize the Tor protocol on embedded devices. In particular, this targets the acceleration of the complex cryptographic operations involved in the handshake of routing nodes and the data stream encryption. Our hardware-based implementation on the Xilinx Zynq platform outperforms previous embedded solutions by more than a factor of 9 with respect to the cryptographic handshake — ultimately enabling quite inexpensive but highly efficient routers. Hence, we consider our work as a further milestone towards the development and the dissemination of low-cost and high performance onion relays that hopefully ultimately leads again to a more private Internet.
Keywords: Internet; computer network security; cryptographic protocols; data privacy; embedded systems; routing protocols; system-on-chip; telecommunication traffic; SoC; THOR; Tor protocol; Xilinx Zynq platform; complex cryptographic operations; cryptographic handshake; data stream encryption; embedded devices; global Internet traffic; hardware onion router; hardware-based implementation; modern reconfigurable devices; onion routing protocol; routing nodes handshake; security; Computer architecture; Encryption; Hardware; Protocols; Relays; Software (ID#: 15-6686)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6927408&isnumber=6927322

Sapio, A.; Baldi, M.; Liao, Y.; Ranjan, G.; Risso, F.; Tongaonkar, A.; Torres, R.; Nucci, A., “MAPPER: A Mobile Application Personal Policy Enforcement Router for Enterprise Networks,” Software Defined Networks (EWSDN), 2014 Third European Workshop on, vol., no., pp. 131, 132, 1-3 Sept. 2014. doi:10.1109/EWSDN.2014.9
Abstract: MAPPER is a system for enforcing user-specific policies based on the availability of access nodes that support the capability to dynamically load and execute processing modules on the data path. This work leverages a network access node that, after authenticating a connecting user, loads a set of lightweight virtual machines that process traffic terminated on the user device to implement articulated user-specific access policies. Specifically, we demonstrate how a man-in-the-middle-proxy module, dynamically and opportunistically combined with a module capable of mobile application identification, can implement complex access policies. The man-in-the-middle-proxy module enables MAPPER policies to be applied to both clear and HTTPS traffic, while an intelligent traffic classification system, provides support for policies based on over 250,000 mobile apps spanning both Android and iOS platforms.
Keywords: Android (operating system); business communication; iOS (operating system); mobile computing; security of data; telecommunication network routing; virtual machines; Android platform; MAPPER; articulated user specific access policies; complex access policies; enterprise networks; iOS platform; intelligent traffic classification system; lightweight virtual machines; mobile application personal policy enforcement router; network access node; user authentication; userspecific policies; Conferences; Europe; Mobile communication; Mobile computing; Monitoring; Smart phones; Virtual machining; apps; network; policy; virtualization (ID#: 15-6687)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6984070&isnumber=6984033

Ganegedara, T.; Weirong Jiang; Prasanna, V.K., “A Scalable and Modular Architecture for High-Performance Packet Classification,” Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no.5, pp. 1135, 1144, May 2014. doi:10.1109/TPDS.2013.261
Abstract: Packet classification is widely used as a core function for various applications in network infrastructure. With increasing demands in throughput, performing wire-speed packet classification has become challenging. Also the performance of today's packet classification solutions depends on the characteristics of rulesets. In this work, we propose a novel modular Bit-Vector (BV) based architecture to perform high-speed packet classification on Field Programmable Gate Array (FPGA). We introduce an algorithm named StrideBV and modularize the BV architecture to achieve better scalability than traditional BV methods. Further, we incorporate range search in our architecture to eliminate ruleset expansion caused by range-to-prefix conversion. The post place-and-route results of our implementation on a state-of-the-art FPGA show that the proposed architecture is able to operate at 100+ Gbps for minimum size packets while supporting large rulesets up to 28 K rules using only the on-chip memory resources. Our solution is ruleset-feature independent, i.e. the above performance can be guaranteed for any ruleset regardless the composition of the ruleset.
Keywords: field programmable gate arrays; packet switching; FPGA; core function; field programmable gate array; high performance packet classification solutions; high speed packet classification; modular architecture; modular bit vector; network infrastructure; on-chip memory resources; range-to-prefix conversion; ruleset expansion; ruleset-feature independent; scalable architecture; wire speed packet classification; Arrays; Field programmable gate arrays; Hardware; Memory management; Pipelines; Throughput; Vectors; ASIC; FPGA; Packet classification; firewall; hardware architectures; network security; networking; router (ID#: 15-6688)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6627892&isnumber=6786006

Fadlallah, A., “Adaptive Probabilistic Packet Marking Scheme for IP Traceback,” Computer Applications and Information Systems (WCCAIS), 2014 World Congress on, vol., no., pp. 1, 5, 17-19 Jan. 2014. doi:10.1109/WCCAIS.2014.6916548
Abstract: IP Traceback is a fundamental mechanism in defending against cyber-attacks in particular the denial of service (DoS) attacks. Many schemes have been proposed in the literature; in particular, Probabilistic Packet Marking (PPM) schemes were in the center of the researchers’ attention given their scalability and thus their ability to trace distributed attacks such as distributed denial of service attacks (DDoS). A major issue in PPM-based schemes is the fixed marking probability, which reduces the probability of getting marked packets from routers far away from the victim given that their marked packets have a higher probability to be re-marked by routers near the victim. This increases the number of packets required to reconstruct the attack path. In this paper, we propose a simple, yet efficient solution for this issue by letting the routers adapt their marking probability based on the number of packets they have previously re-marked. We compare our scheme to the original PPM through extensive simulations. The results clearly show the improvement brought by our proposed marking scheme.
Keywords: IP networks; computer network security; probability; DDoS attacks; IP traceback; PPM schemes; PPM-based schemes; adaptive probabilistic packet marking scheme; cyber-attacks; distributed denial of service attacks; marking probability; Computers; Filtering theory; Internet; Probabilistic logic; Radiation detectors; Simulation; Denial of Service attacks; IP traceback; Probabilistic Packet Marking (ID#: 15-6689)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6916548&isnumber=6916540

Liang Chen, “Secure Network Coding for Wireless Routing,” Communications (ICC), 2014 IEEE International Conference on, vol., no., pp. 1941, 1946, 10-14 June 2014. doi:10.1109/ICC.2014.6883607
Abstract: Nowadays networking is secure because we encrypt the confidential messages with the underlying assumption that adversaries in the network are computationally bounded. For traditional routing or network coding, routers know the contents of the packets they receive. Networking is not secure any more if there are eavesdroppers with infinite computational power at routers. Our concern is whether we can achieve stronger security at routers. This paper proposes secure network coding for wireless routing. Combining channel coding and network coding, this scheme can not only provide physical layer security at wireless routers but also forward data error-free at a high rate. In the paper we prove this scheme can be applied to general networks for secure wireless routing.
Keywords: channel coding; telecommunication network routing; channel coding; forward data error-free; physical layer security; secure network coding; secure wireless routing; Communication system security; Network coding; Protocols; Relays; Routing; Security; Throughput; information-theoretic secrecy; network coding; network information theory; wireless routing (ID#: 15-6690)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883607&isnumber=6883277

Krishnan, R.; Krishnaswamy, D.; Mcdysan, D., “Behavioral Security Threat Detection Strategies for Data Center Switches and Routers,” Distributed Computing Systems Workshops (ICDCSW), 2014 IEEE 34th International Conference on, vol., no., pp.  82, 87, June 30 2014–July 3 2014. doi:10.1109/ICDCSW.2014.19
Abstract: Behavioral security threats such as Distributed Denial of Service (DDoS) attacks are an ongoing problem in large scale Data Centers (DC) and pose huge performance challenges to DC operators. Typically, a dedicated Firewall/DDoS appliance is needed for Layer 2-7 behavioral security threat detection and mitigation. This solution is cost prohibitive for large scale multi-tenant DCs with high throughput performance needs. This paper examines various Layer 2-4 behavioral security threat detection methods and assists which are implement able in the switches and routers at low cost. For DCs, this complements the overall behavioral security threat detection strategy and enables operators to offer tiered services. Extensions to emerging NFV and SDN scenarios are also discussed.
Keywords: computer centres; computer network security; DC; DDoS attack; behavioral security threat detection strategy; data center routers; data center switches; distributed denial-of-service attack; firewall; high throughput performance needs; software defined networking; Bandwidth; Computer crime; Home appliances; IP networks; Image edge detection; Servers; Data Center; Distributed Denial of Service; NFV; SDN; Security; Threat Detection (ID#: 15-6691)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6888844&isnumber=6888817

Abirami, R.; Premalatha, G., “Depletion of Vampire Attacks in Medium Access Control Level Using Interior Gateway Routing Protocol,” Information Communication and Embedded Systems (ICICES), 2014 International Conference on, vol., no., pp. 1,5, 27-28 Feb. 2014. doi:10.1109/ICICES.2014.7033801
Abstract: A wireless sensor network is a group of network nodes which collaborate with each other in a sophisticated fashion. It is built of nodes from a few to several hundreds or even thousands, where each node is connected to one (or sometimes several) sensors. In WSN, Second layer of the OSI reference layer is a data link layer which has a sub layer of Medium Access Control. The choice of Medium Access Control (MAC) protocol has a direct bearing on the reliability and efficiency of network transmissions due to errors and interferences in wireless communications and to other challenges. They are primarily responsible for regulating access to the shared medium. There are a lot of protocols developed to protect from DOS attack, but it is not completely possible. One such DOS attack is vampire attacks which cause damage in network. Secure level is low; productivity reduces which leads to environmental disasters and cause loss in the information. Routing protocols play an important role in modern wireless communication networks. Hence propose Interior Gateway Routing Protocol (IGRP) where router used it to exchange routing data within an independent system. In WSN routing protocols find the route between nodes and ensure the consistent communication between the nodes in the network.
Keywords: access protocols; computer network security; routing protocols; wireless sensor networks; DOS attack; IGRP; MAC protocol; OSI reference layer; WSN routing protocols; data link layer; interior gateway routing protocol; medium access control level; medium access control protocol; network transmissions; routing data exchange; vampire attack depletion; wireless communication networks; wireless sensor network; Computer crime; Logic gates; Routing; Routing protocols; Sensors; Wireless sensor networks; DOS attack; IGRP; MAC; WSN (ID#: 15-6692)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7033801&isnumber=7033740

Fengjiao Li; Luyong Zhang; Dianjun Chen, “Vulnerability Mining of Cisco Router Based on Fuzzing,” Systems and Informatics (ICSAI), 2014 2nd International Conference on, vol., no., pp. 649, 653, 15-17 Nov. 2014. doi:10.1109/ICSAI.2014.7009366
Abstract: Router security analysis plays a vital role in maintaining network security. However, IOS, which runs in Cisco routers, has been proved carrying serious security risks. And in order to improve security, we need to conduct vulnerability mining on IOS. Currently, Fuzzing, as a simple and effective automated test technology, is widely used in vulnerability discovery. In this paper, we introduce a novel testing framework for Cisco routers. Based on this framework, we first generate test cases with Semi-valid Fuzzing Test Cases Generator (SFTCG), which considerably improves the test effectiveness and code coverage. After that, we develop a new Fuzzer based on SFTCG and then emulate Cisco router in Dynamips, which makes it easy to interact with GDB or IDA Pro for debugging. In order to supervise the Target, we employ a Monitor Module to check the status of the router regularly. Finally, through the experiment on ICMP protocol in IOS, we find the released vulnerabilities of Ping of Death and Denial of Service, which demonstrates the effectiveness of our proposed Fuzzer.
Keywords: computer network security; routing protocols; transport protocols; Cisco router mining; Denial of Service; GDB; ICMP protocol; IDA; IOS; SFTCG; dynamip; internet control message protocol; monitor module; network security; router security risk analysis; semivalid fuzzing test case generator; target supervision; Communication networks; Debugging; Monitoring; Routing protocols; Security; Testing; Cisco IOS; Fuzzing; SFTCG; Vulnerability (ID#: 15-6693)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7009366&isnumber=7009247

Kekai Hu; Wolf, T.; Teixeira, T.; Tessier, R., “System-Level Security for Network Processors with Hardware Monitors,” Design Automation Conference (DAC), 2014 51st ACM/EDAC/IEEE, vol., no., pp. 1, 6, 1-5 June 2014. doi: (not provided)
Abstract: New attacks are emerging that target the Internet infrastructure. Modern routers use programmable network processors that may be exploited by merely sending suitably crafted data packets into a network. Hardware monitors that are co-located with processor cores can detect attacks that change processor behavior with high probability. In this paper, we present a solution to the problem of secure, dynamic installation of hardware monitoring graphs on these devices. We also address the problem of how to overcome the homogeneity of a network with many identical devices, where a successful attack, albeit possible only with small probability, may have devastating effects.
Keywords: computer network management; computer network security; cryptography; multiprocessing systems; Internet infrastructure; data packets; dynamic installation; hardware monitoring graphs; hardware monitors; modern routers; processor behavior; processor cores; programmable network processors; Hardware; Monitoring; Program processors; Prototypes; Public key (ID#: 15-6694)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6881538&isnumber=6881325

Biswas, J.; Gupta, A.; Singh, D., “WADP: A Wormhole Attack Detection and Prevention Technique in MANET Using Modified AODV Routing Protocol,” Industrial and Information Systems (ICIIS), 2014 9th International Conference on, vol., no., pp. 1, 6,
15-17 Dec. 2014. doi:10.1109/ICIINFS.2014.7036535
Abstract: Mobile Ad hoc Networks (MANETs) are prone to a variety of attacks due to their unique characteristics like dynamic topology, open wireless medium, absence of infrastructure, multi hop nature and resource constraints. A node in MANET acts not only as an end terminal but both as router and client. In this way, multi-hop communication occurs in MANETs and thus it becomes much more difficult task to establish a secure path between the source and destination. The objective of this work is to overcome a special kind of attack called wormhole attack launched by at least two colluding nodes within a network. In this research paper work, some modifications has been done in AODV routing protocol to detect and remove wormhole attack in real-world MANET. Wormhole attack detection and prevention algorithm, WADP, has been implemented in modified AODV. Also node authentication has been used to detect malicious nodes and remove false positive problem that may arise in WADP algorithm. Node authentication not only removes false positive but also helps in mapping exact location of wormhole and is a kind of double verification for wormhole attack detection. Simulation results prove the theory.
Keywords: invasive software; mobile ad hoc networks; routing protocols; telecommunication network topology; telecommunication security; AODV routing protocol; MANET; WADP algorithm; dynamic topology; multihop communication; node authentication; open wireless medium; wormhole attack detection and prevention technique; Authentication; Delays; IP networks; Mobile ad hoc networks; Monitoring; Routing protocols; Synchronization; attack modes; modified AODV; wireless ad hoc network; wormhole nodes (ID#: 15-6695)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7036535&isnumber=7036459

Shankar, S.S.; Lin PinXing; Herkersdorf, A., “Deep Packet Inspection in Residential Gateways and Routers: Issues and Challenges,” Integrated Circuits (ISIC), 2014 14th International Symposium on, vol., no., pp. 560, 563, 10-12 Dec. 2014. doi:10.1109/ISICIR.2014.7029481
Abstract: Several industry trends and new applications have brought the residential gateway router (RGR) to the center of digital home with direct connectivity to the service provider’s network. Increasing risks of network attacks have necessitated the need for deep packet inspection in network processor (NP) used by RGR to match traffic at multiple gigabit throughput. Traditional deep packet inspection (DPI) implementations primarily focus on end hosts like servers, personal / handheld computers. Existing DPI signature matching techniques cannot be directly implemented in RGR due to various issues and challenges pertaining to processing capacity of the NP and associated memory constraints. So 4 key factors, regular expression support, gigabit throughput, scalability and ease of signature updates has been proposed through which best signature matching system could be designed for efficient DPI implementation in RGR.
Keywords: computer network security; digital signatures; internetworking; telecommunication network routing; telecommunication traffic; DPI implementation; DPI signature matching techniques; NP processing capacity; RGR; deep-packet inspection; digital home; ease-of-signature update factor; gigabit throughput factor; memory constraints; network attack risks; network processor; network traffic; regular expression support factor; residential gateway router; scalability factor; service provider network; Algorithm design and analysis; Automata; Inspection; Memory management; Pattern matching; Software; Throughput; Deep Packet Inspection; Network Security; Regular Expressions; Residential Gateway and Router (ID#: 15-6696)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7029481&isnumber=7029433
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Software Assurance, 2014, Part 1

 

	Software Assurance, 2014 Part 1

Software assurance is an essential element in the development of scalable and composable systems.  For a complete system to be secure, each subassembly must be secure. The research work cited here was presented in 2014.

---

Konrad Iwanicki, Przemyslaw Horban, Piotr Glazar, Karol Strzelecki; “Bringing Modern Unit Testing Techniques to Sensornets,” ACM Transactions on Sensor Networks (TOSN), Volume 11, Issue 2, August 2014, Article No. 25. doi:10.1145/2629422
Abstract: Unit testing, an important facet of software quality assurance, is underappreciated by wireless sensor network (sensornet) developers. This is likely because our tools lag behind the rest of the computing field. As a remedy, we present a new framework that enables modern unit testing techniques in sensornets. Although the framework takes a holistic approach to unit testing, its novelty lies mainly in two aspects. First, to boost test development, it introduces embedded mock modules that automatically abstract out dependencies of tested code. Second, to automate test assessment, it provides embedded code coverage tools that identify untested control flow paths in the code. We demonstrate that in sensornets these features pose unique problems, solving which requires dedicated support from the compiler and operating system. However, the solutions have the potential to offer substantial benefits. In particular, they reduce the unit test development effort by a few factors compared to existing solutions. At the same time, they facilitate obtaining full code coverage, compared to merely 57–72% that can be achieved with integration tests. They also allow for intercepting and reporting many classes of runtime failures, thereby simplifying the diagnosis of software flaws. Finally, they enable fine-grained management of the quality of sensornet software.
Keywords: Unit testing, code coverage, embedded systems, mock objects, software quality assurance, wireless sensor networks (ID#: 15-6236)
URL:  http://doi.acm.org/10.1145/2629422

Peter C. Rigby, Daniel M. German, Laura Cowen, Margaret-Anne Storey; “Peer Review on Open-Source Software Projects: Parameters, Statistical Models, and Theory,” ACM Transactions on Software Engineering and Methodology (TOSEM) - Special Issue International Conference on Software Engineering (ICSE 2012) and Regular Papers, Volume 23, Issue 4, August 2014, Article No. 35. doi:10.1145/2594458
Abstract: Peer review is seen as an important quality-assurance mechanism in both industrial development and the open-source software (OSS) community. The techniques for performing inspections have been well studied in industry; in OSS development, software peer reviews are not as well understood.  To develop an empirical understanding of OSS peer review, we examine the review policies of 25 OSS projects and study the archival records of six large, mature, successful OSS projects. We extract a series of measures based on those used in traditional inspection experiments. We measure the frequency of review, the size of the contribution under review, the level of participation during review, the experience and expertise of the individuals involved in the review, the review interval, and the number of issues discussed during review. We create statistical models of the review efficiency, review interval, and effectiveness, the issues discussed during review, to determine which measures have the largest impact on review efficacy.  We find that OSS peer reviews are conducted asynchronously by empowered experts who focus on changes that are in their area of expertise. Reviewers provide timely, regular feedback on small changes. The descriptive statistics clearly show that OSS review is drastically different from traditional inspection.
Keywords: Peer review, inspection, mining software repositories, open-source software (ID#: 15-6237)
URL:  http://doi.acm.org/10.1145/2594458

Lucas Layman, Victor R. Basili, Marvin V. Zelkowitz; “A Methodology for Exposing Risk in Achieving Emergent System Properties,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 23, Issue 3, May 2014,  Article No. 22. doi:10.1145/2560048
Abstract: Determining whether systems achieve desired emergent properties, such as safety or reliability, requires an analysis of the system as a whole, often in later development stages when changes are difficult and costly to implement. In this article we propose the Process Risk Indicator (PRI) methodology for analyzing and evaluating emergent properties early in the development cycle. A fundamental assumption of system engineering is that risk mitigation processes reduce system risks, yet these processes may also be a source of risk: (1) processes may not be appropriate for achieving the desired emergent property; or (2) processes may not be followed appropriately. PRI analyzes development process artifacts (e.g., designs pertaining to reliability or safety analysis reports) to quantify process risks that may lead to higher system risk. We applied PRI to the hazard analysis processes of a network-centric, Department of Defense system-of-systems and two NASA spaceflight projects to assess the risk of not achieving one such emergent property, software safety, during the early stages of the development lifecycle. The PRI methodology was used to create measurement baselines for process indicators of software safety risk, to identify risks in the hazard analysis process, and to provide feedback to projects for reducing these risks.
Keywords: Process risk, risk measurement, software safety (ID#: 15-6238)
URL:  http://doi.acm.org/10.1145/2560048

Pingyu Zhang, Sebastian Elbaum; “Amplifying Tests to Validate Exception Handling Code: An Extended Study in the Mobile Application Domain,” ACM Transactions on Software Engineering and Methodology (TOSEM) - Special Issue International Conference on Software Engineering (ICSE 2012) and Regular Papers, Volume 23, Issue 4, August 2014, Article No. 32. doi:10.1145/2652483
Abstract: Validating code handling exceptional behavior is difficult, particularly when dealing with external resources that may be noisy and unreliable, as it requires (1) systematic exploration of the space of exceptions that may be thrown by the external resources, and (2) setup of the context to trigger specific patterns of exceptions. In this work, we first present a study quantifying the magnitude of the problem by inspecting the bug repositories of a set of popular applications in the increasingly relevant domain of Android mobile applications. The study revealed that 22% of the confirmed and fixed bugs have to do with poor exceptional handling code, and half of those correspond to interactions with external resources. We then present an approach that addresses this challenge by performing an systematic amplification of the program space explored by a test by manipulating the behavior of external resources. Each amplification attempts to expose a program’s exception handling constructs to new behavior by mocking an external resource so that it returns normally or throws an exception following a predefined set of patterns. Our assessment of the approach indicates that it can be fully automated, is powerful enough to detect 67% of the faults reported in the bug reports of this kind, and is precise enough that 78% of the detected anomalies are fixed, and it has a great potential to assist developers.
Keywords: Test transformation, exception handling, mobile applications, test amplification, test case generation (ID#: 15-6239)
URL: http://doi.acm.org/10.1145/2652483

Salah Bouktif, Houari Sahraoui, Faheem Ahmed; “Predicting Stability of Open-Source Software Systems Using Combination of Bayesian Classifiers,” ACM Transactions on Management Information Systems (TMIS); Volume 5 Issue 1, April 2014,  Article No. 3. doi:10.1145/2555596
Abstract: The use of free and Open-Source Software (OSS) systems is gaining momentum. Organizations are also now adopting OSS, despite some reservations, particularly about the quality issues. Stability of software is one of the main features in software quality management that needs to be understood and accurately predicted. It deals with the impact resulting from software changes and argues that stable components lead to a cost-effective software evolution. Changes are most common phenomena present in OSS in comparison to proprietary software. This makes OSS system evolution a rich context to study and predict stability. Our objective in this work is to build stability prediction models that are not only accurate but also interpretable, that is, able to explain the link between the architectural aspects of a software component and its stability behavior in the context of OSS. Therefore, we propose a new approach based on classifiers combination capable of preserving prediction interpretability. Our approach is classifier-structure dependent. Therefore, we propose a particular solution for combining Bayesian classifiers in order to derive a more accurate composite classifier that preserves interpretability. This solution is implemented using a genetic algorithm and applied in the context of an OSS large-scale system, namely the standard Java API. The empirical results show that our approach outperforms state-of-the-art approaches from both machine learning and software engineering.
Keywords: Bayesian classifiers, Software stability prediction, genetic algorithm (ID#: 15-6240)
URL:  http://doi.acm.org/10.1145/2555596

Yuming Zhou, Baowen Xu, Hareton Leung, Lin Chen; “An In-Depth Study of the Potentially Confounding Effect of Class Size in Fault Prediction,” ACM Transactions on Software Engineering and Methodology (TOSEM); Volume 23, Issue 1, February 2014, Article No. 10. doi:10.1145/2556777
Abstract: Background. The extent of the potentially confounding effect of class size in the fault prediction context is not clear, nor is the method to remove the potentially confounding effect, or the influence of this removal on the performance of fault-proneness prediction models. Objective. We aim to provide an in-depth understanding of the effect of class size on the true associations between object-oriented metrics and fault-proneness. Method. We first employ statistical methods to examine the extent of the potentially confounding effect of class size in the fault prediction context. After that, we propose a linear regression-based method to remove the potentially confounding effect. Finally, we empirically investigate whether this removal could improve the prediction performance of fault-proneness prediction models. Results. Based on open-source software systems, we found: (a) the confounding effect of class size on the associations between object-oriented metrics and fault-proneness in general exists; (b) the proposed linear regression-based method can effectively remove the confounding effect; and (c) after removing the confounding effect, the prediction performance of fault prediction models with respect to both ranking and classification can in general be significantly improved. Conclusion. We should remove the confounding effect of class size when building fault prediction models.
Keywords: Metrics, class size, confounding effect, fault, prediction (ID#: 15-6241)
URL:  http://doi.acm.org/10.1145/2556777

Lionel Briand, Davide Falessi, Shiva Nejati, Mehrdad Sabetzadeh, Tao Yue; “Traceability and SysML Design Slices to Support Safety Inspections: A Controlled Experiment,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 23, Issue 1, February 2014,  Article No. 9. doi:10.1145/2559978
Abstract: Certifying safety-critical software and ensuring its safety requires checking the conformance between safety requirements and design. Increasingly, the development of safety-critical software relies on modeling, and the System Modeling Language (SysML) is now commonly used in many industry sectors. Inspecting safety conformance by comparing design models against safety requirements requires safety inspectors to browse through large models and is consequently time consuming and error-prone. To address this, we have devised a mechanism to establish traceability between (functional) safety requirements and SysML design models to extract design slices (model fragments) that filter out irrelevant details but keep enough context information for the slices to be easy to inspect and understand. In this article, we report on a controlled experiment assessing the impact of the traceability and slicing mechanism on inspectors' conformance decisions and effort. Results show a significant decrease in effort and an increase in decisions’ correctness and level of certainty.
Keywords: Empirical software engineering, design, requirements specification, software and system safety, software/program verification (ID#: 15-6242)
URL: http://doi.acm.org/10.1145/2559978 

Yong Ge, Guofei Jiang, Min Ding, Hui Xiong; “Ranking Metric Anomaly in Invariant Networks,” ACM Transactions on Knowledge Discovery from Data (TKDD), Volume 8, Issue 2, June 2014, Article No. 8. doi:10.1145/2601436
Abstract: The management of large-scale distributed information systems relies on the effective use and modeling of monitoring data collected at various points in the distributed information systems. A traditional approach to model monitoring data is to discover invariant relationships among the monitoring data. Indeed, we can discover all invariant relationships among all pairs of monitoring data and generate invariant networks, where a node is a monitoring data source (metric) and a link indicates an invariant relationship between two monitoring data. Such an invariant network representation can help system experts to localize and diagnose the system faults by examining those broken invariant relationships and their related metrics, since system faults usually propagate among the monitoring data and eventually lead to some broken invariant relationships. However, at one time, there are usually a lot of broken links (invariant relationships) within an invariant network. Without proper guidance, it is difficult for system experts to manually inspect this large number of broken links. To this end, in this article, we propose the problem of ranking metrics according to the anomaly levels for a given invariant network, while this is a nontrivial task due to the uncertainties and the complex nature of invariant networks. Specifically, we propose two types of algorithms for ranking metric anomaly by link analysis in invariant networks. Along this line, we first define two measurements to quantify the anomaly level of each metric, and introduce the mRank algorithm. Also, we provide a weighted score mechanism and develop the gRank algorithm, which involves an iterative process to obtain a score to measure the anomaly levels. In addition, some extended algorithms based on mRank and gRank algorithms are developed by taking into account the probability of being broken as well as noisy links. Finally, we validate all the proposed algorithms on a large number of real-world and synthetic data sets to illustrate the effectiveness and efficiency of different algorithms.
Keywords: Metric anomaly ranking, invariant networks, link analysis (ID#: 15-6243)
URL:   http://doi.acm.org/10.1145/2601436

 
Hwidong Na, Jong-Hyeok Lee; “Linguistic Analysis of Non-ITG Word Reordering Between Language Pairs with Different Word Order Typologies,” ACM Transactions on Asian Language Information Processing (TALIP), Volume 13, Issue 3, September 2014, Article No. 11. doi:10.1145/2644810
Abstract: The Inversion Transduction Grammar (ITG) constraints have been widely used for word reordering in machine translation studies. They are, however, so restricted that some types of word reordering cannot be handled properly. We analyze three corpora between SVO and SOV languages: Chinese-Korean, English-Japanese, and English-Korean. In our analysis, sentences that require non-ITG word reordering are manually categorized. We also report the results for two quantitative measures that reveal the significance of non-ITG word reordering. In conclusion, we suggest that ITG constraints are insufficient to deal with word reordering in real situations.
Keywords: Machine translation, corpus analysis, inversion transduction grammar (ID#: 15-6244)
URL:  http://doi.acm.org/10.1145/2644810

Klaas-Jan Stol, Paris Avgeriou, Muhammad Ali Babar, Yan Lucas, Brian Fitzgerald; “Key Factors for Adopting Inner Source,” ACM Transactions on Software Engineering and Methodology (TOSEM),
Volume 23 Issue 2, March 2014, Article No. 18. doi:10.1145/2533685
Abstract: A number of organizations have adopted Open Source Software (OSS) development practices to support or augment their software development processes, a phenomenon frequently referred to as Inner Source. However the adoption of Inner Source is not a straightforward issue. Many organizations are struggling with the question of whether Inner Source is an appropriate approach to software development for them in the first place. This article presents a framework derived from the literature on Inner Source, which identifies nine important factors that need to be considered when implementing Inner Source. The framework can be used as a probing instrument to assess an organization on these nine factors so as to gain an understanding of whether or not Inner Source is suitable. We applied the framework in three case studies at Philips Healthcare, Neopost Technologies, and Rolls-Royce, which are all large organizations that have either adopted Inner Source or were planning to do so. Based on the results presented in this article, we outline directions for future research.
Keywords: Case study, framework, inner source, open-source development practices (ID#: 15-6245)
URL:  http://doi.acm.org/10.1145/2533685

 
M. Unterkalmsteiner, R. Feldt, T. Gorschek; “A Taxonomy for Requirements Engineering and Software Test Alignment,” ACM Transactions on Software Engineering and Methodology (TOSEM) , Volume 23, Issue 2, March 2014, Article No. 16. doi:10.1145/2523088
Abstract: Requirements engineering and software testing are mature areas and have seen a lot of research. Nevertheless, their interactions have been sparsely explored beyond the concept of traceability. To fill this gap, we propose a definition of requirements engineering and software test (REST) alignment, a taxonomy that characterizes the methods linking the respective areas, and a process to assess alignment. The taxonomy can support researchers to identify new opportunities for investigation, as well as practitioners to compare alignment methods and evaluate alignment, or lack thereof. We constructed the REST taxonomy by analyzing alignment methods published in literature, iteratively validating the emerging dimensions. The resulting concept of an information dyad characterizes the exchange of information required for any alignment to take place. We demonstrate use of the taxonomy by applying it on five in-depth cases and illustrate angles of analysis on a set of thirteen alignment methods. In addition, we developed an assessment framework (REST-bench), applied it in an industrial assessment, and showed that it, with a low effort, can identify opportunities to improve REST alignment. Although we expect that the taxonomy can be further refined, we believe that the information dyad is a valid and useful construct to understand alignment.
Keywords: Alignment, software process assessment, software testing, taxonomy (ID#: 15-6246)
URL:  http://doi.acm.org/10.1145/2523088

Federico Mari, Igor Melatti, Ivano Salvo, Enrico Tronci; “Model-Based Synthesis of Control Software from System-Level Formal Specifications,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 23, Issue 1, February 2014, Article No. 6. doi:10.1145/2559934
Abstract: Many embedded systems are indeed software-based control systems, that is, control systems whose controller consists of control software running on a microcontroller device. This motivates investigation on formal model-based design approaches for automatic synthesis of embedded systems control software. We present an algorithm, along with a tool QKS implementing it, that from a formal model (as a discrete-time linear hybrid system) of the controlled system (plant), implementation specifications (that is, number of bits in the Analog-to-Digital, AD, conversion) and system-level formal specifications (that is, safety and liveness requirements for the closed loop system) returns correct-by-construction control software that has a Worst-Case Execution Time (WCET) linear in the number of AD bits and meets the given specifications. We show feasibility of our approach by presenting experimental results on using it to synthesize control software for a buck DC-DC converter, a widely used mixed-mode analog circuit, and for the inverted pendulum.
Keywords: Hybrid systems, correct-by-construction control software synthesis, model-based design of control software (ID#: 15-6247)
URL:  http://doi.acm.org/10.1145/2559934

Dilan Sahin, Marouane Kessentini, Slim Bechikh, Kalyanmoy Deb; “Code-Smell Detection as a Bilevel Problem,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 24, Issue 1, September 2014, Article No. 6. doi:10.1145/2675067
Abstract: Code smells represent design situations that can affect the maintenance and evolution of software. They make the system difficult to evolve. Code smells are detected, in general, using quality metrics that represent some symptoms. However, the selection of suitable quality metrics is challenging due to the absence of consensus in identifying some code smells based on a set of symptoms and also the high calibration effort in determining manually the threshold value for each metric. In this article, we propose treating the generation of code-smell detection rules as a bilevel optimization problem. Bilevel optimization problems represent a class of challenging optimization problems, which contain two levels of optimization tasks. In these problems, only the optimal solutions to the lower-level problem become possible feasible candidates to the upper-level problem. In this sense, the code-smell detection problem can be treated as a bilevel optimization problem, but due to lack of suitable solution techniques, it has been attempted to be solved as a single-level optimization problem in the past. In our adaptation here, the upper-level problem generates a set of detection rules, a combination of quality metrics, which maximizes the coverage of the base of code-smell examples and artificial code smells generated by the lower level. The lower level maximizes the number of generated artificial code smells that cannot be detected by the rules produced by the upper level. The main advantage of our bilevel formulation is that the generation of detection rules is not limited to some code-smell examples identified manually by developers that are difficult to collect, but it allows the prediction of new code-smell behavior that is different from those of the base of examples. The statistical analysis of our experiments over 31 runs on nine open-source systems and one industrial project shows that seven types of code smells were detected with an average of more than 86% in terms of precision and recall. The results confirm the outperformance of our bilevel proposal compared to state-of-art code-smell detection techniques. The evaluation performed by software engineers also confirms the relevance of detected code smells to improve the quality of software systems.
Keywords: Search-based software engineering, code smells, software quality (ID#: 15-6248)
URL:  http://doi.acm.org/10.1145/2675067

 
Eric Yuan, Naeem Esfahani, Sam Malek; “A Systematic Survey of Self-Protecting Software Systems,” ACM Transactions on Autonomous and Adaptive Systems (TAAS), Volume 8 Issue 4, January 2014, Article No. 17. doi:10.1145/2555611
Abstract: Self-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have been shown to be inadequate for the challenges posed by modern software systems. Self-protection, like other self-* properties, allows the system to adapt to the changing environment through autonomic means without much human intervention, and can thereby be responsive, agile, and cost effective. While existing research has made significant progress towards autonomic and adaptive security, gaps and challenges remain. This article presents a significant extension of our preliminary study in this area. In particular, unlike our preliminary study, here we have followed a systematic literature review process, which has broadened the scope of our study and strengthened the validity of our conclusions. By proposing and applying a comprehensive taxonomy to classify and characterize the state-of-the-art research in this area, we have identified key patterns, trends and challenges in the existing approaches, which reveals a number of opportunities that will shape the focus of future research efforts.
Keywords: Self-protection, adaptive security, autonomic computing, self-* properties, self-adaptive systems (ID#: 15-6249)
URL:  http://doi.acm.org/10.1145/2555611

Juan De Lara, Esther Guerra, Jesús Sánchez Cuadrado; “When and How to Use Multilevel Modelling,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 24 Issue 2, December 2014, Article No. 12. doi:10.1145/2685615
Abstract: Model-Driven Engineering (MDE) promotes models as the primary artefacts in the software development process, from which code for the final application is derived. Standard approaches to MDE (like those based on MOF or EMF) advocate a two-level metamodelling setting where Domain-Specific Modelling Languages (DSMLs) are defined through a metamodel that is instantiated to build models at the metalevel below.  Multilevel modelling (also called deep metamodelling) extends the standard approach to metamodelling by enabling modelling at an arbitrary number of metalevels, not necessarily two. Proposers of multilevel modelling claim this leads to simpler model descriptions in some situations, although its applicability has been scarcely evaluated. Thus, practitioners may find it difficult to discern when to use it and how to implement multilevel solutions in practice.  In this article, we discuss those situations where the use of multilevel modelling is beneficial, and identify recurring patterns and idioms. Moreover, in order to assess how often the identified patterns arise in practice, we have analysed a wide range of existing two-level DSMLs from different sources and domains, to detect when their elements could be rearranged in more than two metalevels. The results show this scenario is not uncommon, while in some application domains (like software architecture and enterprise/process modelling) pervasive, with a high average number of pattern occurrences per metamodel.
Keywords: Model-driven engineering, domain-specific modelling languages, metamodelling, metamodelling patterns, multilevel modeling (ID#: 15-6250)
URL: http://doi.acm.org/10.1145/2685615

Gerwin Klein, June Andronick, Kevin Elphinstone, Toby Murray, Thomas Sewell, Rafal Kolanski, Gernot Heiser; “Comprehensive Formal Verification of an OS Microkernel,” ACM Transactions on Computer Systems (TOCS), Volume 32 Issue 1, February 2014, Article No. 2. doi:10.1145/2560537
Abstract: We present an in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel.  We discuss the kernel design we used to make its verification tractable. We then describe the functional correctness proof of the kernel’s C implementation and we cover further steps that transform this result into a comprehensive formal verification of the kernel: a formally verified IPC fastpath, a proof that the binary code of the kernel correctly implements the C semantics, a proof of correct access-control enforcement, a proof of information-flow noninterference, a sound worst-case execution time analysis of the binary, and an automatic initialiser for user-level systems that connects kernel-level access-control enforcement with reasoning about system behaviour. We summarise these results and show how they integrate to form a coherent overall analysis, backed by machine-checked, end-to-end theorems. The seL4 microkernel is currently not just the only general-purpose operating system kernel that is fully formally verified to this degree. It is also the only example of formal proof of this scale that is kept current as the requirements, design and implementation of the system evolve over almost a decade. We report on our experience in maintaining this evolving formally verified code base.
Keywords: Isabelle/HOL, L4, microkernel, operating systems, seL4 (ID#: 15-6251)
URL:  http://doi.acm.org/10.1145/2560537

Kai Pan, Xintao Wu, Tao Xie; “Guided Test Generation for Database Applications via Synthesized Database Interactions,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 23, Issue 2, March 2014, Article No. 12. doi:10.1145/2491529
Abstract: Testing database applications typically requires the generation of tests consisting of both program inputs and database states. Recently, a testing technique called Dynamic Symbolic Execution (DSE) has been proposed to reduce manual effort in test generation for software applications. However, applying DSE to generate tests for database applications faces various technical challenges. For example, the database application under test needs to physically connect to the associated database, which may not be available for various reasons. The program inputs whose values are used to form the executed queries are not treated symbolically, posing difficulties for generating valid database states or appropriate database states for achieving high coverage of query-result-manipulation code. To address these challenges, in this article, we propose an approach called SynDB that synthesizes new database interactions to replace the original ones from the database application under test. In this way, we bridge various constraints within a database application: query-construction constraints, query constraints, database schema constraints, and query-result-manipulation constraints. We then apply a state-of-the-art DSE engine called Pex for .NET from Microsoft Research to generate both program inputs and database states. The evaluation results show that tests generated by our approach can achieve higher code coverage than existing test generation approaches for database applications.
Keywords: Automatic test generation, database application testing, dynamic symbolic execution, synthesized database interactions (ID#: 15-6252)
URL:  http://doi.acm.org/10.1145/2491529

Akshay Dua, Nirupama Bulusu, Wu-Chang Feng, Wen Hu; “Combating Software and Sybil Attacks to Data Integrity in Crowd-Sourced Embedded Systems,” ACM Transactions on Embedded Computing Systems (TECS) - Special Issue on Risk and Trust in Embedded Critical Systems, Special Issue on Real-Time, Embedded and Cyber-Physical Systems, Special Issue on Virtual Prototyping of Parallel and Embedded Systems (ViPES), Volume 13 Issue 5s, November 2014, Article No. 154. doi:10.1145/2629338
Abstract: Crowd-sourced mobile embedded systems allow people to contribute sensor data, for critical applications, including transportation, emergency response and eHealth. Data integrity becomes imperative as malicious participants can launch software and Sybil attacks modifying the sensing platform and data. To address these attacks, we develop (1) a Trusted Sensing Peripheral (TSP) enabling collection of high-integrity raw or aggregated data, and participation in applications requiring additional modalities; and (2) a Secure Tasking and Aggregation Protocol (STAP) enabling aggregation of TSP trusted readings by untrusted intermediaries, while efficiently detecting fabricators. Evaluations demonstrate that TSP and STAP are practical and energy-efficient.
Keywords: Trust, critical systems, crowd-sourced sensing, data integrity, embedded systems, mobile computing, security (ID#: 15-6253)
URL: http://doi.acm.org/10.1145/2629338

Robert M. Hierons; “Combining Centralised and Distributed Testing,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 24 Issue 1, September 2014, Article No. 5. doi:10.1145/2661296
Abstract: Many systems interact with their environment at distributed interfaces (ports) and sometimes it is not possible to place synchronised local testers at the ports of the system under test (SUT). There are then two main approaches to testing: having independent local testers or a single centralised tester that interacts asynchronously with the SUT. The power of using independent testers has been captured using implementation relation dioco. In this article, we define implementation relation diococ for the centralised approach and prove that dioco and diococ are incomparable. This shows that the frameworks detect different types of faults and so we devise a hybrid framework and define an implementation relation diocos for this. We prove that the hybrid framework is more powerful than the distributed and centralised approaches. We then prove that the Oracle problem is NP-complete for diococ and diocos but can be solved in polynomial time if we place an upper bound on the number of ports. Finally, we consider the problem of deciding whether there is a test case that is guaranteed to force a finite state model into a particular state or to distinguish two states, proving that both problems are undecidable for the centralised and hybrid frameworks.
Keywords: Centralised testing, distributed testing, model-based testing (ID#: 15-6254)
URL: http://doi.acm.org/10.1145/2661296

Ming Xia, Yabo Dong, Wenyuan Xu, Xiangyang Li, Dongming Lu; “MC²: Multimode User-Centric Design of Wireless Sensor Networks for Long-Term Monitoring,” ACM Transactions on Sensor Networks (TOSN), Volume 10, Issue 3, April 2014, Article No. 52. doi:10.1145/2509856
Abstract: Real-world, long-running wireless sensor networks (WSNs) require intense user intervention in the development, hardware testing, deployment, and maintenance stages. A majority of network design is network centric and focuses primarily on network performance, for example, efficient sensing and reliable data delivery. Although several tools have been developed to assist debugging and fault diagnosis, it is yet to systematically examine the underlying heavy burden that users face throughout the lifetime of WSNs. In this article, we propose a general Multimode user-CentriC (MC²) framework that can, with simple user inputs, adjust itself to assist user operation and thus reduce the users’ burden at various stages. In particular, we have identified utilities that are essential at each stage and grouped them into modes. In each mode, only the corresponding utilities will be loaded, and modes can be easily switched using the customized MC² sensor platform. As such, we reduce the runtime interference between various utilities and simplify their development as well as their debugging. We validated our MC² software and the sensor platform in a long-lived microclimate monitoring system deployed at a wildland heritage site, Mogao Grottoes. In our current system, 241 sensor nodes have been deployed in 57 caves, and the network has been running for over five years. Our experimental validation shows that the MC² framework shortens the time for network deployment and maintenance, and makes network maintenance doable by field experts (in our case, historians).
Keywords: MC² framework, Wireless sensor networks, user-centric design (ID#: 15-6255)
URL: http://doi.acm.org/10.1145/2509856  

Lihua Huang, Sulin Ba, Xianghua Lu; “Building Online Trust in a Culture of Confucianism: The Impact of Process Flexibility and Perceived Control,” ACM Transactions on Management Information Systems (TMIS), Volume 5, Issue 1, April 2014, Article No. 4.  doi:10.1145/2576756
Abstract: The success of e-commerce companies in a Confucian cultural context takes more than advanced IT and process design that have proven successful in Western countries. The example of eBay’s failure in China indicates that earning the trust of Chinese consumers is essential to success, yet the process of building that trust requires something different from that in the Western culture. This article attempts to build a theoretical model to explore the relationship between the Confucian culture and online trust. We introduce two new constructs, namely process flexibility and perceived control, as particularly important factors in online trust formation in the Chinese cultural context. A survey was conducted to test the proposed theoretical model. This study offers a new explanation for online trust formation in the Confucian context. The findings of this article can provide guidance for companies hoping to successfully navigate the Chinese online market in the future.
Keywords: Confucianism, culture, e-commerce, online market, perceived control, process flexibility, trust (ID#: 15-6256)
URL:  http://doi.acm.org/10.1145/2576756

Amit Zoran, Roy Shilkrot, Suranga Nanyakkara, Joseph Paradiso; “The Hybrid Artisans: A Case Study in Smart Tools,” ACM Transactions on Computer-Human Interaction (TOCHI), Volume 21, Issue 3, June 2014, Article No. 15.  doi:10.1145/2617570
Abstract: We present an approach to combining digital fabrication and craft, demonstrating a hybrid interaction paradigm where human and machine work in synergy. The FreeD is a hand-held digital milling device, monitored by a computer while preserving the makers freedom to manipulate the work in many creative ways. Relying on a pre-designed 3D model, the computer gets into action only when the milling bit risks the objects integrity, preventing damage by slowing down the spindle speed, while the rest of the time it allows complete gestural freedom. We present the technology and explore several interaction methodologies for carving. In addition, we present a user study that reveals how synergetic cooperation between human and machine preserves the expressiveness of manual practice. This quality of the hybrid territory evolves into design personalization. We conclude on the creative potential of open-ended procedures within this hybrid interactive territory of manual smart tools and devices.
Keywords: (not provided) (ID#: 15-6257)
URL:  http://doi.acm.org/10.1145/2617570
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Software Assurance, 2014, Part 2

 

	Software Assurance, 2014 Part 2

Software assurance is an essential element in the development of scalable and composable systems. For a complete system to be secure, each subassembly must be secure. The research work cited here was presented in 2014.

---

Luis Angel D. Bathen, Nikil D. Dutt; “Embedded RAIDs-on-Chip for Bus-Based Chip-Multiprocessors,” ACM Transactions on Embedded Computing Systems (TECS) — Regular Papers, Volume 13, Issue 4, November 2014, Article No. 83. doi:10.1145/2533316
Abstract: The dual effects of larger die sizes and technology scaling, combined with aggressive voltage scaling for power reduction, increase the error rates for on-chip memories. Traditional on-chip memory reliability techniques (e.g., ECC) incur significant power and performance overheads. In this article, we propose a low-power-and-performance-overhead Embedded RAID (E-RAID) strategy and present Embedded RAIDs-on-Chip (E-RoC), a distributed dynamically managed reliable memory subsystem for bus-based Chip-Multiprocessors. E-RoC achieves reliability through redundancy by optimizing RAID-like policies tuned for on-chip distributed memories. We achieve on-chip reliability of memories through the use of Distributed Dynamic ScratchPad Allocatable Memories (DSPAMs) and their allocation policies. We exploit aggressive voltage scaling to reduce power consumption overheads due to parallel DSPAM accesses, and rely on the E-RoC Manager to automatically handle any resulting voltage-scaling-induced errors. We demonstrate how E-RAIDs can further enhance the fault tolerance of traditional memory reliability approaches by designing E-RAID levels that exploit ECC. Finally, we show the power and flexibility of the E-RoC concept by showing the benefits of having a heterogeneous E-RAID levels that fit each application’s needs (fault tolerance, power/energy, performance).  Our experimental results on CHStone/Mediabench II benchmarks show that our E-RAID levels converge to 100% error-free data rates much faster than traditional ECC approaches. Moreover, E-RAID levels that exploit ECC can guarantee 99.9% error-free data rates at ultra low Vdd on average, where as traditional ECC approaches were able to attain at most 99.1% error-free data rates. We observe an average of 22% dynamic power consumption increase by using traditional ECC approaches with respect to the baseline (non-voltage scaled SPMs), whereas our E-RAID levels are able to save dynamic power consumption by an average of 27% (w.r.t. the same non-voltage scaled SPMs baseline), while incurring worst-case 2% higher performance overheads than traditional ECC approaches. By voltage scaling the memories, we see that traditional ECC approaches are able to save static energy by 6.4% (average), where as our E-RAID approaches achieve 23.4% static energy savings (average). Finally, we observe that mixing E-RAID levels allows us to further reduce the dynamic power consumption by up to 55.5% at the cost of an average 5.6% increase in execution time over traditional approaches.
Keywords: Information assurance, chip-multiprocessors, embedded systems, policy, scratchpad memory, security, virtualization (ID#: 15-6258)
URL: http://doi.acm.org/10.1145/2533316

Haibo Zeng, Marco Di Natale, Qi Zhu; “Minimizing Stack and Communication Memory Usage in Real-Time Embedded Applications,” ACM Transactions on Embedded Computing Systems (TECS) - Special Issue on Risk and Trust in Embedded Critical Systems, Special Issue on Real-Time, Embedded and Cyber-Physical Systems, Special Issue on Virtual Prototyping of Parallel and Embedded Systems (ViPES), Volume 13, Issue 5s, November 2014, Article No. 149. doi:10.1145/2632160
Abstract: In the development of real-time embedded applications, especially those on systems-on-chip, an efficient use of RAM memory is as important as the effective scheduling of the computation resources. The protection of communication and state variables accessed by concurrent tasks must provide real-time schedulability guarantees while using the least amount of memory. Several schemes, including preemption thresholds, have been developed to improve schedulability and save stack space by selectively disabling preemption. However, the design synthesis problem is still open. In this article, we target the assignment of the scheduling parameters to minimize memory usage for systems of practical interest, including designs compliant with automotive standards. We propose algorithms either proven optimal or shown to improve on randomized optimization methods like simulated annealing.
Keywords: Preemption threshold scheduling, data synchronization mechanism, memory usage, stack requirement (ID#: 15-6259)
URL: http://doi.acm.org/10.1145/2632160 

Peng Li, Debin Gao, Michael K. Reiter; “StopWatch: A Cloud Architecture for Timing Channel Mitigation,” ACM Transactions on Information and System Security (TISSEC), Volume 17, Issue 2, November 2014, Article No. 8. doi:10.1145/2670940
Abstract: This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM’s replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors are similarly likely in the absence of any other individual, coresident VMs. We detail the design and implementation of StopWatch in Xen, evaluate the factors that influence its performance, demonstrate its advantages relative to alternative defenses against timing side channels with commodity hardware, and address the problem of placing VM replicas in a cloud under the constraints of StopWatch so as to still enable adequate cloud utilization.
Keywords: Timing channels, clouds, replication, side channels, virtualization (ID#: 15-6260)
URL: http://doi.acm.org/10.1145/2670940 

Wei Hu, Dejun Mu, Jason Oberg, Baolei Mao, Mohit Tiwari, Timothy Sherwood, Ryan Kastner; “Gate-Level Information Flow Tracking for Security Lattices,” ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 20, Issue 1, November 2014, Article No. 2. doi:10.1145/2676548
Abstract: High-assurance systems found in safety-critical infrastructures are facing steadily increasing cyber threats. These critical systems require rigorous guarantees in information flow security to prevent confidential information from leaking to an unclassified domain and the root of trust from being violated by an untrusted party. To enforce bit-tight information flow control, gate-level information flow tracking (GLIFT) has recently been proposed to precisely measure and manage all digital information flows in the underlying hardware, including implicit flows through hardware-specific timing channels. However, existing work in this realm either restricts to two-level security labels or essentially targets two-input primitive gates and several simple multilevel security lattices. This article provides a general way to expand the GLIFT method for multilevel security. Specifically, it formalizes tracking logic for an arbitrary Boolean gate under finite security lattices, presents a precise tracking logic generation method for eliminating false positives in GLIFT logic created in a constructive manner, and illustrates application scenarios of GLIFT for enforcing multilevel information flow security. Experimental results show various trade-offs in precision and performance of GLIFT logic created using different methods. It also reveals the area and performance overheads that should be expected when expanding GLIFT for multilevel security.
Keywords: High-assurance system, formal method, gate-level information flow tracking, hardware security, multilevel security, security lattice (ID#: 15-6261)
URL:  http://doi.acm.org/10.1145/2676548 

Huang-Ming Huang, Christopher Gill, Chenyang Lu; “Implementation and Evaluation of Mixed-Criticality Scheduling Approaches for Sporadic Tasks,” ACM Transactions on Embedded Computing Systems (TECS) - Special Issue on Real-Time and Embedded Technology and Applications, Domain-Specific Multicore Computing, Cross-Layer Dependable Embedded Systems, and Application of Concurrency to System Design (ACSD), Volume 13, Issue 4s, July 2014, Article No. 126. doi:10.1145/2584612
Abstract: Traditional fixed-priority scheduling analysis for periodic and sporadic task sets is based on the assumption that all tasks are equally critical to the correct operation of the system. Therefore, every task has to be schedulable under the chosen scheduling policy, and estimates of tasks’ worst-case execution times must be conservative in case a task runs longer than is usual. To address the significant underutilization of a system’s resources under normal operating conditions that can arise from these assumptions, several mixed-criticality scheduling approaches have been proposed. However, to date, there have been few quantitative comparisons of system schedulability or runtime overhead for the different approaches.  In this article, we present a side-by-side implementation and evaluation of the known mixed-criticality scheduling approaches, for periodic and sporadic mixed-criticality tasks on uniprocessor systems, under a mixed-criticality scheduling model that is common to all these approaches. To make a fair evaluation of mixed-criticality scheduling, we also address previously open issues and propose modifications to improve particular approaches. Our empirical evaluations demonstrate that user-space implementations of mechanisms to enforce different mixed-criticality scheduling approaches can be achieved atop Linux without kernel modification, with reasonably low (but in some cases nontrivial) overhead for mixed-criticality real-time task sets.
Keywords: Real-time systems, mixed-criticality scheduling (ID#: 15-6262)
URL:  http://doi.acm.org/10.1145/2584612 

Dionisio De Niz, Lutz Wrage, Anthony Rowe, Ragunathan (Raj) Rajkumar; “Utility-Based Resource Overbooking for Cyber-Physical Systems,” ACM Transactions on Embedded Computing Systems (TECS) - Special Issue on Risk and Trust in Embedded Critical Systems, Special Issue on Real-Time, Embedded and Cyber-Physical Systems, Special Issue on Virtual Prototyping of Parallel and Embedded Systems (ViPES), Volume 13, Issue 5s, November 2014, Article No. 162. doi:10.1145/2660497
Abstract: Traditional hard real-time scheduling algorithms require the use of the worst-case execution times to guarantee that deadlines will be met. Unfortunately, many algorithms with parameters derived from sensing the physical world suffer large variations in execution time, leading to pessimistic overall utilization, such as visual recognition tasks. In this article, we present ZS-QRAM, a scheduling approach that enables the use of flexible execution times and application-derived utility to tasks in order to maximize total system utility. In particular, we provide a detailed description of the algorithm, the formal proofs for its temporal protection, and a detailed, evaluation. Our evaluation uses the Utility Degradation Resilience (UDR) showing that ZS-QRAM is able to obtain 4× as much UDR as ZSRM, a previous overbooking approach, and almost 2× as much UDR as Rate-Monotonic with Period Transformation (RM/TP). We then evaluate a Linux kernel module implementation of our scheduler on an Unmanned Air Vehicle (UAV) platform. We show that, by using our approach, we are able to keep the tasks that render the most utility by degrading lower-utility ones even in the presence of highly dynamic execution times.
Keywords: Real-time scheduling, mixed-criticality systems, quality of service, unmanned aerial vehicles, utility functions (ID#: 15-6263)
URL:  http://doi.acm.org/10.1145/2660497 

William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth; “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” ACM Transactions on Computer Systems (TOCS), Volume 32, Issue 2, June 2014,  Article No. 5. doi:10.1145/2619091
Abstract: Today’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid enables realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 32% performance overhead on a CPU-bound microbenchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, in our 2010 study we found 20 applications potentially misused users’ private information; so did a similar fraction of the tested applications in our 2012 study. Monitoring the flow of privacy-sensitive data with TaintDroid provides valuable input for smartphone users and security service firms seeking to identify misbehaving applications.
Keywords: Information-flow tracking, mobile apps, privacy monitoring, smartphones (ID#: 15-6264)
URL: http://doi.acm.org/10.1145/2619091 

Reinhard Schneider, Dip Goswami, Samarjit Chakraborty, Unmesh Bordoloi, Petru Eles, Zebo Peng; “Quantifying Notions of Extensibility in FlexRay Schedule Synthesis,” ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 19 Issue 4, August 2014, Article No. 32. doi:10.1145/2647954
Abstract: FlexRay has now become a well-established in-vehicle communication bus at most original equipment manufacturers (OEMs) such as BMW, Audi, and GM. Given the increasing cost of verification and the high degree of crosslinking between components in automotive architectures, an incremental design process is commonly followed. In order to incorporate FlexRay-based designs in such a process, the resulting schedules must be extensible, that is: (i) when messages are added in later iterations, they must preserve deadline guarantees of already scheduled messages, and (ii) they must accommodate as many new messages as possible without changes to existing schedules. Apart from extensible scheduling having not received much attention so far, traditional metrics used for quantifying them cannot be trivially adapted to FlexRay schedules. This is because they do not exploit specific properties of the FlexRay protocol. In this article we, for the first time, introduce new notions of extensibility for FlexRay that capture all the protocol-specific properties. In particular, we focus on the dynamic segment of FlexRay and we present a number of metrics to quantify extensible schedules. Based on the introduced metrics, we propose strategies to synthesize extensible schedules and compare the results of different scheduling algorithms. We demonstrate the applicability of the results with industrial-size case studies and also show that the proposed metrics may also be visually represented, thereby allowing for easy interpretation.
Keywords: FlexRay, automotive, extensibility, schedule synthesis (ID#: 15-6265)
URL: http://doi.acm.org/10.1145/2647954 

Bin Ren, Todd Mytkowicz, Gagan Agrawal; “A Portable Optimization Engine for Accelerating Irregular Data-Traversal Applications on SIMD Architectures,” ACM Transactions on Architecture and Code Optimization (TACO), Volume 11, Issue 2, June 2014, Article No. 16. doi:10.1145/2632215
Abstract: Fine-grained data parallelism is increasingly common in the form of longer vectors integrated with mainstream processors (SSE, AVX) and various GPU architectures. This article develops support for exploiting such data parallelism for a class of nonnumeric, nongraphic applications, which perform computations while traversing many independent, irregular data structures. We address this problem by developing several novel techniques. First, for code generation, we develop an intermediate language for specifying such traversals, followed by a runtime scheduler that maps traversals to various SIMD units. Second, we observe that good data locality is crucial to sustained performance from SIMD architectures, whereas many applications that operate on irregular data structures (e.g., trees and graphs) have poor data locality. To address this challenge, we develop a set of data layout optimizations that improve spatial locality for applications that traverse many irregular data structures. Unlike prior data layout optimizations, our approach incorporates a notion of both interthread and intrathread spatial reuse into data layout. Finally, we enable performance portability (i.e., the ability to automatically optimize applications for different architectures) by accurately modeling the impact of inter- and intrathread locality on program performance. As a consequence, our model can predict which data layout optimization to use on a wide variety of SIMD architectures.  To demonstrate the efficacy of our approach and optimizations, we first show how they enable up to a 12X speedup on one SIMD architecture for a set of real-world applications. To demonstrate that our approach enables performance portability, we show how our model predicts the optimal layout for applications across a diverse set of three real-world SIMD architectures, which offers as much as 45% speedup over a suboptimal solution.
Keywords: Irregular data structure, SIMD, fine-grained parallelism (ID#: 15-6266)
URL:  http://doi.acm.org/10.1145/2632215 

Ghassan O. Karame, Aurélien Francillon, Victor Budilivschi, Srdjan Čapkun, Vedran Čapkun; “Microcomputations as Micropayments in Web-based Services,” ACM Transactions on Internet Technology (TOIT), Volume 13, Issue 3, May 2014, Article No. 8. doi:10.1145/2611526
Abstract: In this article, we propose a new micropayment model for nonspecialized commodity web-services based on microcomputations. In our model, a user that wishes to access online content (offered by a website) does not need to register or pay to access the website; instead, he will accept to run microcomputations on behalf of the service provider in exchange for access to the content. These microcomputations can, for example, support ongoing computing projects that have clear social benefits (e.g., projects relating to medical research) or can contribute towards commercial computing projects. We analyze the security and privacy of our proposal and we show that it preserves the privacy of users. We argue that this micropayment model is economically and technically viable and that it can be integrated in existing distributed computing frameworks (e.g., the BOINC platform). In this respect, we implement a prototype of a system based on our model and we deploy our prototype on Amazon Mechanical Turk to evaluate its performance and usability given a large number of users. Our results show that our proposed scheme does not affect the browsing experience of users and is likely to be used by a non-trivial proportion of users. Finally, we empirically show that our scheme incurs comparable bandwidth and CPU consumption to the resource usage incurred by online advertisements featured in popular websites.
Keywords: Distributed computing, Monetization, microcomputations, micropayments, privacy (ID#: 15-6267)
URL:  http://doi.acm.org/10.1145/2611526 

David Basin, Cas Cremers; “Know Your Enemy: Compromising Adversaries in Protocol Analysis,” ACM Transactions on Information and System Security (TISSEC), Volume 17, Issue 2, November 2014,  Article No. 7. doi:10.1145/2658996
Abstract: We present a symbolic framework, based on a modular operational semantics, for formalizing different notions of compromise relevant for the design and analysis of cryptographic protocols. The framework’s rules can be combined to specify different adversary capabilities, capturing different practically-relevant notions of key and state compromise. The resulting adversary models generalize the models currently used in different domains, such as security models for authenticated key exchange. We extend an existing security-protocol analysis tool, Scyther, with our adversary models. This extension systematically supports notions such as weak perfect forward secrecy, key compromise impersonation, and adversaries capable of state-reveal queries. Furthermore, we introduce the concept of a protocol-security hierarchy, which classifies the relative strength of protocols against different adversaries.  In case studies, we use Scyther to analyse protocols and automatically construct protocol-security hierarchies in the context of our adversary models. Our analysis confirms known results and uncovers new attacks. Additionally, our hierarchies refine and correct relationships between protocols previously reported in the cryptographic literature.
Keywords: Security protocols, adversary models, automated analysis, threat models (ID#: 15-6268)
URL:  http://doi.acm.org/10.1145/2658996 

Songqing Chen, Lei Liu, Xinyuan Wang, Xinwen Zhang, Zhao Zhang; “A Host-Based Approach for Unknown Fast-Spreading Worm Detection and Containment,” ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2012, Volume 8, Issue 4, January 2014, Article No. 21. doi:10.1145/2555615
Abstract: The fast-spreading worm, which immediately propagates itself after a successful infection, is becoming one of the most serious threats to today’s networked information systems. In this article, we present WormTerminator, a host-based solution for fast Internet worm detection and containment with the assistance of virtual machine techniques based on the fast-worm defining characteristic. In WormTerminator, a virtual machine cloning the host OS runs in parallel to the host OS. Thus, the virtual machine has the same set of vulnerabilities as the host. Any outgoing traffic from the host is diverted through the virtual machine. If the outgoing traffic from the host is for fast worm propagation, the virtual machine should be infected and will exhibit worm propagation pattern very quickly because a fast-spreading worm will start to propagate as soon as it successfully infects a host. To prove the concept, we have implemented a prototype of WormTerminator and have examined its effectiveness against the real Internet worm Linux/Slapper. Our empirical results confirm that WormTerminator is able to completely contain worm propagation in real-time without blocking any non-worm traffic. The major performance cost of WormTerminator is a one-time delay to the start of each outgoing normal connection for worm detection. To reduce the performance overhead, caching is utilized, through which WormTerminator will delay no more than 6% normal outgoing traffic for such detection on average.
Keywords: WormTerminator, polymorphic worms, virtual machine, worm containment, zero-day worms (ID#: 15-6269)
URL:  http://doi.acm.org/10.1145/2555615 

Min Y. Mun, Donnie H. Kim, Katie Shilton, Deborah Estrin, Mark Hansen, Ramesh Govindan; “PDVLoc: A Personal Data Vault for Controlled Location Data Sharing,” ACM Transactions on Sensor Networks (TOSN), Volume 10, Issue 4, June 2014, Article No. 58. doi:10.1145/2523820
Abstract: Location-Based Mobile Service (LBMS) is one of the most popular smartphone services. LBMS enables people to more easily connect with each other and analyze the aspects of their lives. However, sharing location data can leak people’s privacy. We present PDVLoc, a controlled location data-sharing framework based on selectively sharing data through a Personal Data Vault (PDV). A PDV is a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing PDVLoc gives users flexible and granular access control over their location data. We have implemented a prototype of PDVLoc and evaluated it using real location-sharing social networking applications, Google Latitude and Foursquare. Our user study of 19 participants over 20 days shows that most users find that PDVLoc is useful to manage and control their location data, and are willing to continue using PDVLoc.
Keywords: Location-based mobile service, personal data vault, privacy, selective sharing, system (ID#: 15-6270)
URL: http://doi.acm.org/10.1145/2523820 

Wolf-Bastian Pöttner, Hans Seidel, James Brown, Utz Roedig, Lars Wolf; “Constructing Schedules for Time-Critical Data Delivery in Wireless Sensor Networks,” ACM Transactions on Sensor Networks (TOSN), Volume 10, Issue 3, April 2014, Article No. 44. doi:10.1145/2494528
Abstract: Wireless sensor networks for industrial process monitoring and control require highly reliable and timely data delivery. To match performance requirements, specialised schedule based medium access control (MAC) protocols are employed. In order to construct an efficient system, it is necessary to find a schedule that can support the given application requirements in terms of data delivery latency and reliability. Furthermore, additional requirements such as transmission power may have to be taken into account when constructing the schedule. In this article, we show how such schedule can be constructed. We describe methods and tools to collect the data necessary as input for schedule calculation. Moreover, due to the high complexity of schedule calculation, we also introduce a heuristic. We evaluate the proposed methods in a real-world process automation and control application deployed in an oil refinery and further present a long-term experiment in an office environment. Additionally, we discuss a framework for schedule life-cycle management.
Keywords: Reliability, WSAN, WSN, schedule, scheduling, timeliness, wireless sensor and actor network, wireless sensor network (ID#: 15-6271)
URL: http://doi.acm.org/10.1145/2494528 

Michael Sirivianos, Kyungbaek Kim, Jian Wei Gan, Xiaowei Yang; “Leveraging Social Feedback to Verify Online Identity Claims,” ACM Transactions on the Web (TWEB), Volume 8, Issue 2, March 2014, Article No. 9. doi:10.1145/2543711
Abstract: Anonymity is one of the main virtues of the Internet, as it protects privacy and enables users to express opinions more freely. However, anonymity hinders the assessment of the veracity of assertions that online users make about their identity attributes, such as age or profession. We propose FaceTrust, a system that uses online social networks to provide lightweight identity credentials while preserving a user’s anonymity. FaceTrust employs a “game with a purpose” design to elicit the opinions of the friends of a user about the user’s self-claimed identity attributes, and uses attack-resistant trust inference to assign veracity scores to identity attribute assertions. FaceTrust provides credentials, which a user can use to corroborate his assertions. We evaluate our proposal using a live Facebook deployment and simulations on a crawled social graph. The results show that our veracity scores are strongly correlated with the ground truth, even when dishonest users make up a large fraction of the social network and employ the Sybil attack.
Keywords: (ID#: 15-6272)
URL: http://doi.acm.org/10.1145/2543711  

 
Mingqiang Li, Patrick P. C. Lee; “STAIR Codes: A General Family of Erasure Codes for Tolerating Device and Sector Failures,” ACM Transactions on Storage (TOS) - Special Issue on Usenix Fast 2014, Volume 10, Issue 4, October 2014, Article No. 14. doi:10.1145/2658991
Abstract: Practical storage systems often adopt erasure codes to tolerate device failures and sector failures, both of which are prevalent in the field. However, traditional erasure codes employ device-level redundancy to protect against sector failures, and hence incur significant space overhead. Recent sector-disk (SD) codes are available only for limited configurations. By making a relaxed but practical assumption, we construct a general family of erasure codes called STAIR codes, which efficiently and provably tolerate both device and sector failures without any restriction on the size of a storage array and the numbers of tolerable device failures and sector failures. We propose the upstairs encoding and downstairs encoding methods, which provide complementary performance advantages for different configurations. We conduct extensive experiments on STAIR codes in terms of space saving, encoding/decoding speed, and update cost. We demonstrate that STAIR codes not only improve space efficiency over traditional erasure codes, but also provide better computational efficiency than SD codes based on our special code construction. Finally, we present analytical models that characterize the reliability of STAIR codes, and show that the support of a wider range of configurations by STAIR codes is critical for tolerating sector failure bursts discovered in the field.
Keywords: Erasure codes, device failures, reliability analysis, sector failures (ID#: 15-6273)
URL:  http://doi.acm.org/10.1145/2658991 

Chia-Heng Tu, Hui-Hsin Hsu, Jen-Hao Chen, Chun-Han Chen, Shih-Hao Hung; “Performance and Power Profiling for Emulated Android Systems,” ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 19, Issue 2, March 2014, Article No. 10. doi:10.1145/2566660
Abstract: Simulation is a common approach for assisting system design and optimization. For system-wide optimization, energy and computational resources are often the two most critical issues. Monitoring the energy state of each hardware component and measuring the time spent in each state is needed for accurate energy and performance prediction. For software optimization, it is important to profile the energy and the time consumed by each software construct in a realistic operating environment with a proper workload. However, the conventional approaches of simulation often fail to produce satisfying data. First, building a cycle-accurate simulation environment for a complex system, such as an Android smartphone, is difficult and can take a long time. Second, a slow simulation can significantly alter the behavior of multithreaded, I/O-intensive applications and can affect the accuracy of profiles. Third, existing software-based profilers generally do not work on simulators, which makes it difficult for performance analysis of complicated software, for example, Java applications executed by the Dalvik VM in an Android system.  To address these aforementioned problems, we proposed and prototyped a framework, called virtual performance analyzer (VPA). VPA takes advantage of an existing emulator or virtual machine monitor to reduce the complexity of building a simulator. VPA allows the user to selectively and incrementally integrate timing models and power models into the emulator with our carefully designed performance/power monitors, tracing facility, and profiling tools to evaluate and analyze the emulated system. The emulated system can perform at different levels of speed to help verify if the profile data are impacted by the emulation speed. Finally, VPA supports existing software-based profiles and enables non-intrusive tracing/profiling by minimizing the probe effect. Our experimental results show that the VPA framework allows users to quickly establish a performance/power evaluation environment and gather useful information to support system design and software optimization for Android smartphones.
Keywords: Android system emulation, full system emulation, performance profiling, performance tracing, power model, timing estimation (ID#: 15-6274)
URL:  http://doi.acm.org/10.1145/2566660 

Amit Chakrabarti, Graham Cormode, Andrew Mcgregor, Justin Thaler; “Annotations in Data Streams,” ACM Transactions on Algorithms (TALG), Volume 11, Issue 1, October 2014, Article No. 7. doi:10.1145/2636924
Abstract: The central goal of data stream algorithms is to process massive streams of data using sublinear storage space. Motivated by work in the database community on outsourcing database and data stream processing, we ask whether the space usage of such algorithms can be further reduced by enlisting a more powerful “helper” that can annotate the stream as it is read. We do not wish to blindly trust the helper, so we require that the algorithm be convinced of having computed a correct answer. We show upper bounds that achieve a nontrivial tradeoff between the amount of annotation used and the space required to verify it. We also prove lower bounds on such tradeoffs, often nearly matching the upper bounds, via notions related to Merlin-Arthur communication complexity. Our results cover the classic data stream problems of selection, frequency moments, and fundamental graph problems such as triangle-freeness and connectivity. Our work is also part of a growing trend—including recent studies of multipass streaming, read/write streams, and randomly ordered streams—of asking more complexity-theoretic questions about data stream processing. It is a recognition that, in addition to practical relevance, the data stream model raises many interesting theoretical questions in its own right.
Keywords: Interactive proof, annotations, data streams (ID#: 15-6275)
URL:  http://doi.acm.org/10.1145/2636924 

Andrew F. Tappenden, James Miller; “Automated Cookie Collection Testing,” ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 23, Issue 1, February 2014, Article No. 3. doi:10.1145/2559936
Abstract: Cookies are used by over 80% of Web applications utilizing dynamic Web application frameworks. Applications deploying cookies must be rigorously verified to ensure that the application is robust and secure. Given the intense time-to-market pressures faced by modern Web applications, testing strategies that are low cost and automatable are required. Automated Cookie Collection Testing (CCT) is presented, and is empirically demonstrated to be a low-cost and highly effective automated testing solution for modern Web applications. Automatable test oracles and evaluation metrics specifically designed for Web applications are presented, and are shown to be significant diagnostic tests. Automated CCT is shown to detect faults within five real-world Web applications. A case study of over 580 test results for a single application is presented demonstrating that automated CCT is an effective testing strategy. Moreover, CCT is found to detect security bugs in a Web application released into full production.
Keywords: Cookies, Web application testing, adaptive random testing, automated testing, software testing, test generation, test strategies (ID#: 15-6276)
URL:  http://doi.acm.org/10.1145/2559936 
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Taint Analysis, 2014

 

	Taint Analysis 2014

 

Taint analysis is an important method for analyzing software to determine possible paths for exploitation. As such, it relates to the problems of composability and metrics. The work cited here was published in 2014.

---

Yadegari, B.; Debray, S., “Bit-Level Taint Analysis,” Source Code Analysis and Manipulation (SCAM), 2014 IEEE 14th International Working Conference on, vol., no., pp. 255, 264, 28-29 Sept. 2014. doi:10.1109/SCAM.2014.43
Abstract: Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.
Keywords: data flow analysis; bit-level taint analysis; bit-precise taint analysis; deobfuscation tool; software analysis; taint analysis algorithms; taint propagation; Algorithm design and analysis; Data handling; Heuristic algorithms; Performance analysis; Registers; Semantics; Standards; Program Understanding; Reverse Engineering; Taint Analysis (ID#: 15-)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6975659&isnumber=6975619 

Junhyoung Kim; TaeGuen Kim; Eul Gyu Im, “Survey of Dynamic Taint Analysis,” Network Infrastructure and Digital Content (IC-NIDC), 2014 4th IEEE International Conference on, vol., no., pp. 269, 272, 19-21 Sept. 2014. doi:10.1109/ICNIDC.2014.7000307
Abstract: Dynamic taint analysis (DTA) is to analyze execution paths that an attacker may use to exploit a system. Dynamic taint analysis is a method to analyze executable files by tracing information flow without source code. DTA marks certain inputs to program as tainted, and then propagates values operated with tainted inputs. Due to the increased popularity of dynamic taint analysis, there have been a few recent research approaches to provide a generalized tainting infrastructure. In this paper, we introduce some approaches of dynamic taint analysis, and analyze their approaches. Lam and Chiueh’s approach proposed a method that instruments code to perform taint marking and propagation. DYTAN considers three dimensions: taint source, propagation policies, taint sink. These dimensions make DYTAN to be more general framework for dynamic taint analysis. DTA++ proposes an idea to vanilla dynamic taint analysis that propagates additional taints along with targeted control dependencies. Control dependency causes results of taint analysis to have decreased accuracies. To improve accuracies, DTA++ showed that data transformation containing implicit flows should propagate properly to avoid under-tainting.
Keywords: data flow analysis; security of data; system monitoring; DTA++; DYTAN; attacker; control dependency; data transformation; dynamic taint analysis; executable files; execution paths; generalized tainting infrastructure; information flow tracing; propagation policies; taint marking; taint propagation; taint sink; taint source; Accuracy; Computer security; Instruments; Performance analysis; Software; Testing; dynamic taint analysis (ID#: 15-6636)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7000307&isnumber=7000253

Jinxin Ma; Puhan Zhang; Guowei Dong; Shuai Shao; Jiangxiao Zhang, “TWalker: An Efficient Taint Analysis Tool,” Information Assurance and Security (IAS), 2014 10th International Conference on, vol., no., pp. 18, 22, 28-30 Nov. 2014. doi:10.1109/ISIAS.2014.7064628
Abstract: The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the real world programs, providing faster taint analysis than other existing works. TWalker has four properties: first, it works directly on the programs without source code; second, it monitors the program’s execution and records its necessary context; third, it delivers fine-grained taint analysis, providing fast taint propagation with indices; fourth, it could detect vulnerabilities effectively based on two security property rules. We have evaluated TWalker with several real world programs and compared it with a typical taint analysis tool. The experimental results show that our tool could perform taint propagation much faster than other tool, having better ability for vulnerabilities detection.
Keywords: data flow analysis; security of data; TWalker; efficient taint analysis tool; fine grained taint analysis; program execution; security property rules; taint propagation; vulnerabilities detection; Context; Indexes; Monitoring; Software; indices; security property; taint analysis; trace (ID#: 15-6637)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7064628&isnumber=7064614

Lokhande, B.; Dhavale, S., “Overview of Information Flow Tracking Techniques Based on Taint Analysis for Android,” Computing for Sustainable Global Development (INDIACom), 2014 International Conference on, vol., no., pp. 749, 753, 5-7 March 2014. doi:10.1109/IndiaCom.2014.6828062
Abstract: Smartphones today are ubiquitous source of sensitive information. Information leakage instances on the smartphones are on the rise because of exponential growth in smartphone market. Android is the most widely used operating system on smartphones. Many information flow tracking and information leakage detection techniques are developed on Android operating system. Taint analysis is commonly used data flow analysis technique which tracks the flow of sensitive information and its leakage. This paper provides an overview of existing Information flow tracking techniques based on the Taint analysis for android applications. It is observed that static analysis techniques look at the complete program code and all possible paths of execution before its run, whereas dynamic analysis looks at the instructions executed in the program-run in the real time. We provide in depth analysis of both static and dynamic taint analysis approaches.
Keywords: Android (operating system); data flow analysis; smart phones; Android; Information leakage instances; data flow analysis technique; dynamic analysis; dynamic taint analysis approaches; exponential smartphone market growth; information flow tracking techniques; information leakage detection techniques; program code; program-run; static analysis techniques; static taint analysis approaches; Androids; Humanoid robots; Operating systems; Privacy; Real-time systems; Security; Smart phones; Android Operating System; Mobile Security; static and dynamic taint analysis (ID#: 15-6638)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6828062&isnumber=6827395

Gen Li; Ying Zhang; Shuang-xi Wang; Kai Lu, “Online Taint Propagation Analysis with Precise Pointer-to Analysis for Detecting Bugs in Binaries,” High Performance Computing and Communications, 2014 IEEE 6th Int’l Symposium on Cyberspace Safety and Security, 2014 IEEE 11th Int’l Conference on Embedded Software and Systems (HPCC,CSS,ICESS), 2014 IEEE International Conference on, vol., no., pp. 778, 784, 20-22 Aug. 2014. doi:10.1109/HPCC.2014.130
Abstract: Dynamic test generation approach is becoming increasingly popular to find security vulnerabilities in software, and is applied to detect bugs in binaries. However, the existing such systems adopt offline symbolic analysis and execution, based on program execution trace which includes the flow of execution instructions and the operand values, with all pointers or indirect memory access replaced by their execution values. And this yields two fatal problems: first, all symbolic information of pointers or indirect memory access is missing, secondly, the symbolic information of other variables is not accurate, especially for variables operated with pointers. We propose an approach, online taint propagation analysis for finding fatal bugs for pre-release software in binaries, and implement a systematic automatic dynamic test generation system, Hunter, for binary software testing. Our system implements accurate analysis by online taint propagation analysis and online byte-precise points-to analysis, thus online finding unknown high-priority fatal bugs that must be fixed immediately at a pre-release stage in binaries. The effectiveness of the techniques approach are both validated by revealing many fatal bugs in both benchmarks and large real world applications.
Keywords: program debugging; program testing; security of data; Hunter; automatic dynamic test generation system; binary software testing; bugs detection; dynamic test generation approach; online byte-precise point-to analysis; online taint propagation analysis; program execution trace; software security vulnerability; symbolic analysis; symbolic execution; Benchmark testing; Binary codes; Computer bugs; Layout; Security; Software; online byte-precise point-to analysis; symbolic taint analysis; taint-oriented online analysis (ID#: 15-6639)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7056832&isnumber=7056577

Zhang Puhan; Wu Jianxiong; Wang Xin; Zehui Wu, "Program Crash Analysis Based on Taint Analysis,” P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on, vol., no., pp. 492, 498, 8-10 Nov. 2014. doi:10.1109/3PGCIC.2014.100
Abstract: Software exception analysis can not only improve software stability before putting into commercial, but also could optimize the priority of patch updates subsequently. We propose a more practical software exception analysis approach based on taint analysis, from the view that whether an exception of the software can be exploited by an attacker. It first identifies the type of exceptions, then do taint analysis on the trace that between the program entry point to exception point, and recording taint information of memory set and registers. It finally gives the result by integrating the above recording and the subsequent instructions analysis. We implement this approach to our exception analysis framework ExpTracer, and do the evaluation with some exploitable/un-exploitable exceptions which shows that our approach is more accurate in identifying exceptions compared with current tools.
Keywords: exception handling; program diagnostics; ExpTracer; exception point; exploitable exceptions; memory set; patch update priority optimization; program crash analysis; program entry point; registers; software exception analysis; software stability; subsequent instruction analysis; taint analysis; unexploitable exceptions; Algorithm design and analysis; Computer crashes; Instruments; Optimization; Personnel; Registers; Software; Software engineering; crash analysis; exception classification (ID#: 15-6640)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7024634&isnumber=7024297

Ping Wang; Wun Jie Chao; Kuo-Ming Chao; Chi-Chun Lo, “Using Taint Analysis for Threat Risk of Cloud Applications,” e-Business Engineering (ICEBE), 2014 IEEE 11th International Conference on, vol., no., pp. 185, 190, 5-7 Nov. 2014. doi:10.1109/ICEBE.2014.40
Abstract: Most existing approaches to developing cloud applications using threat analysis involve program vulnerability analyses for identifying the security holes associated with malware attacks. New malware attacks can bypass firewall-based detection by bypassing stack protection and by using Hypertext Transfer Protocol logging, kernel hacks, and library hack techniques, and to the cloud applications. In performing threat analysis for unspecified malware attacks, software engineers can use a taint analysis technique for tracking information flows between attack sources (malware) and detect vulnerabilities of targeted network applications. This paper proposes a threat risk analysis model incorporating an improved attack tree analysis scheme for solving the mobile security problem, in the model, Android programs perform taint checking to analyse the risks posed by suspicious applications. In probabilistic risk analysis, defence evaluation metrics are used for each attack path for assisting a defender simulate the attack results against malware attacks and estimate the impact losses. Finally, a case of threat analysis of a typical cyber security attack is presented to demonstrate the proposed approach.
Keywords: Android (operating system); firewalls; hypermedia; invasive software; mobile computing; program diagnostics; risk analysis; trees (mathematics); Android programs; attack sources; cloud applications; cyber security attack; defence evaluation metrics; firewall-based detection; hypertext transfer protocol logging; improved attack tree analysis scheme; information flow tracking; kernel hacks; library hack techniques; malware attacks; mobile security problem; probabilistic risk analysis; program vulnerability analysis; security holes; software engineers; stack protection; taint analysis technique; taint checking; threat analysis; threat risk analysis model; Analytical models; Malware; Measurement; Probabilistic logic; Risk analysis; Software; Attack defence tree; Cyber attacks; Taint checking; Threat; analysis (ID#: 15-6641)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6982078&isnumber=6982037

Meijian Li; Wang, Yongjun; Xie, Peidai; Zhijian Huang, “Reverse Analysis of Secure Communication Protocol Based on Taint Analysis,” Communications Security Conference (CSC 2014), 2014, vol., no., pp. 1, 8, 22-24 May 2014. doi:10.1049/cp.2014.0729
Abstract: To maintain communications confidentiality, security protocols are widely used in more and more network applications. Moreover, some malwares even leverage these kinds of protocols to evade inspection by IDS. Most security protocols are designed and verified by formalized methods; however, observation shows that protocol implementations commonly contain flaws or vulnerabilities. Therefore, research on reverse engineering of security protocols can play an important role in improving the security of network applications, especially by providing another way to fight against malwares. Nevertheless, previous protocol reverse engineering technologies, which are based on analysis of network traces, encounter great challenges when the network messages transmitted between different protocol principals are encrypted. This paper proposes a taint analysis based method, which aims to infer the message format from dynamic execution of security protocol applications. The proposed approach is based on the observation that the process of message parsing in cryptographic protocol applications reveals rich information about the hierarchical structures and semantics of their messages. Hence, by observing calls to library function and instruction execution in network programs, the proposed approach can reverse derive large amount of information about their protocol, such as message format and protocol model, even the communication is encrypted. Experiments show that the reverse analysis results not only accurately identify message fields, but also unveil the structure of the encrypted message fields.
Keywords: Dynamic-Binary-Analysis; Protocol-Format; Protocol-Reverse-Engineering; Security-Protocol; Taint-Analysis (ID#: 15-6642)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6992222&isnumber=6919880

Ki-Jin Eom; Choong-Hyun Choi; Joon-Young Paik; Eun-Sun Cho, “An Efficient Static Taint-Analysis Detecting Exploitable-Points on ARM Binaries,” Reliable Distributed Systems (SRDS), 2014 IEEE 33rd International Symposium on, vol., no., pp. 345, 346, 6-9 Oct. 2014. doi:10.1109/SRDS.2014.66
Abstract: This paper aims to differentiate benign vulnerabilities from those used by cyber-attacks, based on STA (Static TaintAnalysis.) To achieve this goal, the proposed STA determines if a crash is from severe vulnerabilities, after analyzing related exploitable-points in ARM binaries. We envision that the proposed analysis would reduce the complexity of analysis, by making use of CPA (Constant Propagation Analysis) and runtime information of crash points.
Keywords: program diagnostics; security of data; ARM binaries; CPA; STA; benign vulnerabilities; constant propagation analysis; cyber-attacks; exploitable-points detection; runtime information; static taint-analysis; Reliability; ARM binary; IDA Pro plug-in; crash point; data flow analysis; exploitable; reverse engineering; taint Analysis (ID#: 15-6643)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6983415&isnumber=6983362

Schutte, J.; Titze, D.; de Fuentes, J.M., “AppCaulk: Data Leak Prevention by Injecting Targeted Taint Tracking into Android Apps,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 370, 379, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.48
Abstract: As Android is entering the business domain, leaks of business-critical and personal information through apps become major threats. Due to the context-insensitive nature of the Android permission model, information flow policies cannot be enforced by on-board mechanisms. We therefore propose AppCaulk, an approach to harden any existing Android app by injecting a targeted dynamic taint analysis, which tracks and blocks unwanted information flows at runtime. Critical data flows are first discovered using a static taint analysis and the relevant data propagation paths are instrumented by a taint tracking code at register level. At runtime the dynamic taint analysis woven into the app detects and blocks data leaks as they are about to occur. In contrast to existing taint analysis approaches like Taint droid, AppCaulk does not require modification of the Android middleware and can thus be applied to any stock Android installation. In this paper, we explain the design of AppCaulk, describe the evaluation of its prototype, and compare its effectiveness with Taintdroid.
Keywords: Android (operating system); authorisation; middleware; Android apps; Android middleware; AppCaulk; Taintdroid; business domain; business-critical information leaks; context-insensitive Android permission model; critical data flows; data leak blockage; data leak detection; data leak prevention; data propagation paths; dynamic taint analysis; information flow blockage; information flow policies; information flow tracking; personal information leaks; register level; static taint analysis; stock Android installation; taint tracking code; targeted dynamic taint tracking analysis; Androids; Humanoid robots; Instruments; Middleware; Registers; Runtime; Smart phones; Android; information flow; instrumentation; taint analysis (ID#: 15-6644)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011272&isnumber=7011202

Jun Cai; Shangfei Yang; Jinquan Men; Jun He, “Automatic Software Vulnerability Detection Based on Guided Deep Fuzzing,” Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on, vol., no., pp. 231, 234, 27-29 June 2014. doi:10.1109/ICSESS.2014.6933551
Abstract: Software security has become a very import part of information security in recent years. Fuzzing has proven successful in finding software vulnerabilities which are one major cause of information security incidents. However, the efficiency of traditional fuzz testing tools is usually very poor due to the blindness of test generation. In this paper, we present Sword, an automatic fuzzing system for software vulnerability detection, which combines fuzzing with symbolic execution and taint analysis techniques to tackle the above problem. Sword first uses symbolic execution to collect program execution paths and their corresponding constrains, then uses taint analysis to check these paths, the most dangerous paths which most likely lead to vulnerabilities will be further deep fuzzed. Thus, with the guidance of symbolic execution and taint analysis, Sword generates test cases most likely to trigger potential vulnerabilities lying deep in applications.
Keywords: program diagnostics; program testing; security of data; Sword; automatic fuzzing system; automatic software vulnerability detection; guided deep fuzzing; information security; software security; symbolic execution; taint analysis technique; Databases; Engines; Information security; Monitoring; Software; Software testing; fuzzing; software vulnerability detection; taint analysis (ID#: 15-6645)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6933551&isnumber=6933501

Wei Lin; Jinlong Fei; Yuefei Zhu; Xiaolong Shi, “A Method of Multiple Encryption and Sectional Encryption Protocol Reverse Engineering,” Computational Intelligence and Security (CIS), 2014 Tenth International Conference on, vol., no., pp. 420, 424, 15-16 Nov. 2014. doi:10.1109/CIS.2014.114
Abstract: Research on unknown network protocol reverse engineering is of great significance in many network security applications. Currently most of methods are limited in analyzing plain-text protocols, and a few of method can partly analyze the encryption protocol which is powerless for multiple encryption protocol or sectional encryption protocol. This paper proposes a method of encrypted protocol reverse engineering based on dynamic taint analysis. The method uses Pin to record executed instructions, and then conducts off-line analysis of the data dependencies to build two taint propagation graphs on instruction and function level, then recover the decryption process. The decrypted plaintext can be located due to the decryption process feature. And then, the format of protocol can be parsed. Experiments show that the method can accurately locate the decrypted protocol data of the multiple encryption and sectional encryption protocol, and restore the original format.
Keywords: computer network security; cryptographic protocols; reverse engineering; Pin; data dependencies; decryption process feature; dynamic taint analysis; encryption protocol reverse engineering; executed instructions; function level; instruction level; network security applications; offline analysis; plain-text protocols; plaintext decryption process; sectional encryption protocol; taint propagation graphs; unknown network protocol reverse engineering; Encryption; Flow graphs; Memory management; Protocols; Reverse engineering; decryption process recovering Introduction; multiple encryption; sectional encryption (ID#: 15-6646)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7016930&isnumber=7016831

Rawat, S.; Mounier, L.; Potet, M.-L., “LiSTT: An Investigation into Unsound-Incomplete Yet Practical Result Yielding Static Taintflow Analysis,” Availability, Reliability and Security (ARES), 2014 Ninth International Conference on, vol., no., pp. 498, 505, 8-12 Sept. 2014. doi:10.1109/ARES.2014.74
Abstract: Vulnerability analysis is an important component of software assurance practices. One of its most challenging issues is to find software flaws that could be exploited by malicious users. A necessary condition is the existence of some tainted information flow between tainted input sources and vulnerable functions. Finding the existence of such a taint flow dynamically is an expensive and nondeterministic process. On the other hand, though static analysis may explore (theoretically) all the tainted paths, scalability is an issue, especially in the view of complete- and soundness. In this paper, we explore the possibilities of making static analysis scalable, by compromising its complete- and soundness properties and yet making it effective in detecting taint flows that lead to vulnerability exploitation. This technique is based on a combination of call graph slicing and data-flow analysis. A prototype tool has been developed, and we give experimental results showing that this approach is effective on large applications.
Keywords: data flow analysis; program testing; security of data; software fault tolerance; LiSTT; call graph slicing; complete properties; data-flow analysis; malicious users; security testing; software assurance practices; software flaws; soundness properties; static taintflow analysis; taint flows detection; tainted information flow; tainted input sources; tainted paths; vulnerability analysis; vulnerable functions; Binary codes; Complexity theory; Context; Scalability; Security; Software; Testing; Security testing (assurance); binary code; program chopping; static taint analysis (ID#: 15-6647)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6980324&isnumber=6980232

Gupta, M.K.; Govil, M.C.; Singh, G., “A Context-Sensitive Approach for Precise Detection of Cross-Site Scripting Vulnerabilities,” Innovations in Information Technology (INNOVATIONS), 2014 10th International Conference on, vol., no., pp. 7, 12, 9-11 Nov. 2014. doi:10.1109/INNOVATIONS.2014.6987553
Abstract: Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows malicious user to steals sensitive information, install malware, and performs various malicious operations. Researchers proposed various approaches and developed tools to detect XSS vulnerability from source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose a taint analysis and defensive programming based HTML context-sensitive approach for precise detection of XSS vulnerability from source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that proposed approach is more efficient than existing ones.
Keywords: Internet; hypermedia markup languages; invasive software; source code (software); Web application; XSS vulnerability; cross-site scripting vulnerability; defensive programming based HTML context-sensitive approach; financial transaction; health services; malicious operation; malicious user; malware; precise detection; sensitive information; social communication; source code; taint analysis; Browsers; Context; HTML; Security; Servers; Software; Standards; Cross-Site Scripting; Software Development Life Cycle; Taint Analysis; Vulnerability Detection; XSS Attacks (ID#: 15-6648)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6987553&isnumber=6985764

Short, A.; Feng Li, “Android Smartphone Third Party Advertising Library Data Leak Analysis,” Mobile Ad Hoc and Sensor Systems (MASS), 2014 IEEE 11th International Conference on, vol., no., pp. 749, 754, 28-30 Oct. 2014. doi:10.1109/MASS.2014.131
Abstract: Android has many security flaws that are being exploited by malicious developers. Common malware includes many different kinds of behaviors; from complicated root exploits — to simple private data leakage via explicit permissions. The security features that have been put in place by the Android developers have proven to be insufficient and incapable of preventing malware from proliferating through official and unofficial repositories. Private data leakage has become a popular topic because of the sheer number of applications that request the various permissions to access mobile device’s private data and an influx of general privacy concerns amongst the Android community.
Keywords: authorisation; data privacy; invasive software; smart phones; Android smartphone third party advertising library data leak analysis; malware; mobile device private data access; official repositories; private data leakage; security flaws; unofficial repositories; Advertising; Fingerprint recognition; Libraries; Malware; Smart phones; Testing; taint analysis; data leaks; advertising libraries; malware evasion; Droidbox (ID#: 15-6649)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7035776&isnumber=7035647

Peng Li; Guodong Li; Gopalakrishnan, G., “Practical Symbolic Race Checking of GPU Programs,” High Performance Computing, Networking, Storage and Analysis, SC14: International Conference for, vol., no., pp. 179, 190, 16-21 Nov. 2014. doi:10.1109/SC.2014.20
Abstract: Even the careful GPU programmer can inadvertently introduce data races while writing and optimizing code. Currently available GPU race checking methods fall short either in terms of their formal guarantees, ease of use, or practicality. Existing symbolic methods: (1) do not fully support existing CUDA kernels, (2) may require user-specified assertions or invariants, (3) often require users to guess which inputs may be safely made concrete, (4) tend to explode in complexity when the number of threads is increased, and (5) explode in the face of thread-ID based decisions, especially in a loop. We present SESA, a new tool combining Symbolic Execution and Static Analysis to analyze C++ CUDA programs that overcomes all these limitations. SESA also scales well to handle non-trivial benchmarks such as Parboil and Lonestar, and is the only tool of its class that handles such practical examples. This paper presents SESA’s methodological innovations and practical results.
Keywords: C++ language; graphics processing units; parallel architectures; program diagnostics; C++ CUDA program; CUDA kernel; GPU program; Lonestar; Parboil; SESA; static analysis; symbolic execution; symbolic race checking; thread-ID based decision; Concrete; Graphics processing units; History; Indexes; Instruction sets; Kernel; Schedules; CUDA; Data Flow Analysis; Formal Verification; GPU; Parallelism; Symbolic Execution; Taint Analysis; Virtual Machine (ID#: 15-6650)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7013002&isnumber=7012182

Gupta, M.K.; Govil, M.C.; Singh, G., “An Approach to Minimize False Positive in SQLI Vulnerabilities Detection Techniques Through Data Mining,” Signal Propagation and Computer Technology (ICSPCT), 2014 International Conference on, vol., no., pp. 407, 410, 12-13 July 2014. doi:10.1109/ICSPCT.2014.6884962
Abstract: Dependence on web applications is increasing very rapidly in recent time for social communications, health problem, financial transaction and many other purposes. Unfortunately, the presence of security weaknesses in web applications allows malicious user’s to exploit various security vulnerabilities and become the reason of their failure. Currently, SQL Injection (SQLI) attacks exploit most dangerous security vulnerabilities in various popular web applications i.e. eBay, Google, Facebook, Twitter etc. Research on taint based vulnerability detection has been quite intensive in the past decade. However, these techniques are not free from false positive and false negative results. In this paper, we propose an approach to minimize false positive in SQLI vulnerability detection techniques using data mining concepts. We have implemented a prototype tool for PHP, MySQL technologies and evaluated it on six real world applications and NIST Benchmarks. Our evaluation and comparison results show that proposed technique detects SQLI vulnerabilities with low percentage of false positives.
Keywords: Internet; SQL; data mining; security of data; social networking (online); software reliability; Facebook; Google; MySQL technology; PHP; SQL injection attack; SQLI vulnerability detection techniques; Twitter; data mining; eBay; false positive minimization; financial transaction; health problem; social communications; taint based vulnerability detection; Computers; Software; SQLI attack; SQLI vulnerability; false positive; input validation; sanitization; taint analysis (ID#: 15-6651)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6884962&isnumber=6884878

Zhang Puhan; Wu Jianxiong; Wang Xin; Wu Zehui, “Decrypted Data Detection Algorithm Based on Dynamic Dataflow Analysis,” Computer, Information and Telecommunication Systems (CITS), 2014 International Conference on, vol., no., pp. 1, 4, 7-9 July 2014. doi:10.1109/CITS.2014.6878965
Abstract: Cryptographic algorithm detection has received a lot of attentions in these days, whereas the method to detect decrypted data remains further research. A decrypted memory detection method using dynamic dataflow analysis is proposed in this paper. Based on the intuition that decrypted data is generated in the cryptographic function and the unique feature of decrypted data, by analyzing the parameter sets of cryptographic function, we propose a model based on the input and output of cryptographic function. Experimental results demonstrate that our approach can effectively detect decrypted memory.
Keywords: cryptography; data flow analysis; cryptographic algorithm detection; decrypted data; decrypted memory detection method; dynamic dataflow analysis; Algorithm design and analysis; Encryption; Heuristic algorithms; Software; Software algorithms; Cryptographic; Dataflow analysis; Decrypted memory; Taint analysis (ID#: 15-6652)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6878965&isnumber=6878950

Shao Shuai; Dong Guowei; Guo Tao; Yang Tianchang; Shi Chenjie, “Analysis on Password Protection in Android Applications,” P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on, vol., no., pp. 504, 507, 8-10 Nov. 2014. doi:10.1109/3PGCIC.2014.102
Abstract: Although there has been much research on the leakage of sensitive data in Android applications, most of the existing research focus on how to detect the malware or adware that are intentionally collecting user privacy. There are not much research on analyzing the vulnerabilities of apps that may cause the leakage of privacy. In this paper, we present a vulnerability analyzing method which combines taint analysis and cryptography misuse detection. The four steps of this method are decompile, taint analysis, API call record, cryptography misuse analysis, all of which steps except taint analysis can be executed by the existing tools. We develop a prototype tool PW Exam to analysis how the passwords are handled and if the app is vulnerable to password leakage. Our experiment shows that a third of apps are vulnerable to leak the users’ passwords.
Keywords: cryptography; data privacy; mobile computing; smart phones; API call record; Android applications; PW Exam; cryptography misuse analysis; cryptography misuse detection; decompile step; password leakage; password protection; taint analysis; user privacy; vulnerability analyzing method; Androids; Encryption; Humanoid robots; Privacy; Smart phones; Android apps; leakage; password; vulnerability (ID#: 15-6653)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7024636&isnumber=7024297

Bo Wu; Mengjun Li; Bin Zhang; Quan Zhang; Chaojing Tang, “Directed Symbolic Execution for Binary Vulnerability Mining,” Electronics, Computer and Applications, 2014 IEEE Workshop on, vol., no., pp. 614, 617, 8-9 May 2014. doi:10.1109/IWECA.2014.6845694
Abstract: Despite more than two decades of independent, academic, and industry-related research, software vulnerabilities remain the main reason that undermine the security of our systems. Taint analysis and symbolic execution are among the most promising approaches for vulnerability detection, but either one can't remit the problem separately. In this paper, we try to combine taint analysis and symbolic execution for binary vulnerability mining and proposed a method named directed symbolic execution. Our three-step approach firstly adopts dynamic taint analysis technology to identify the safety-related data, and then uses symbolic execution system to execute the binary software while marks those safety-related data as symbols, and finally discovers vulnerabilities with our check-model. The evaluation shows that our method can be used to detect vulnerabilities in binary software more efficiently.
Keywords: data mining; program diagnostics; security of data; software reliability; binary software; binary vulnerability mining; check-model; directed symbolic execution method; dynamic taint analysis technology; safety-related data identification; software vulnerability detection; Context; Protocols; Software; Symbolic Execution; Vulnerability detection; Vulnerability model (ID#: 15-6654)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6845694&isnumber=6845536

Mell, P.; Harang, R.E., “Using Network Tainting to Bound the Scope of Network Ingress Attacks,” Software Security and Reliability (SERE), 2014 Eighth International Conference on, vol., no., pp. 206, 215, June 30 2014–July 2 2014. doi:10.1109/SERE.2014.34
Abstract: This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is a dynamically changing defense-in-depth map that shows threat level indicators gleaned from monotonically decreasing threat chains. We augment this analysis with concepts from the complex networks research area in forming dynamically changing security perimeters and measuring the cardinality of the set of threatened nodes within them. In providing this, we hope to advance network incident response activities by providing a rapid automated initial triage service that can guide and prioritize investigative activities.
Keywords: network theory (graphs); security of data; defense-in-depth map; network flow evaluation; network flow monitoring; network incident response activities; network ingress attacks; network tainting metric; security metric; security perimeters; software taint analysis; threat level indicators; Algorithm design and analysis; Complex networks; Digital signal processing; Measurement; Monitoring; Security; Software; complex networks; network tainting; scale-free; security (ID#: 15-6655)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6895431&isnumber=6895396

Chenxiong Qian; Xiapu Luo; Yuru Shao; Chan, A.T.S., “On Tracking Information Flows through JNI in Android Applications,” Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, vol., no., pp. 180, 191, 23-26 June 2014. doi:10.1109/DSN.2014.30
Abstract: Android provides native development kit through JNI for developing high-performance applications (or simply apps). Although recent years have witnessed a considerable increase in the number of apps employing native libraries, only a few systems can examine them. However, none of them scrutinizes the interactions through JNI in them. In this paper, we conduct a systematic study on tracking information flows through JNI in apps. More precisely, we first perform a large-scale examination on apps using JNI and report interesting observations. Then, we identify scenarios where information flows uncaught by existing systems can result in information leakage. Based on these insights, we propose and implement NDroid, an efficient dynamic taint analysis system for checking information flows through JNI. The evaluation through real apps shows NDroid can effectively identify information leaks through JNI with low performance overheads.
Keywords: Android (operating system); Java; Android applications; JNI; Java Native Interface; NDroid systems; high-performance applications; information flow tracking; Androids; Context; Engines; Games; Humanoid robots; Java; Libraries (ID#: 15-6656)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903578&isnumber=6903544

Zhongyuan Qin; Yuqing Xu; Yuxing Di; Qunfang Zhang; Jie Huang, “Android Malware Detection Based on Permission and Behavior Analysis,” Cyberspace Technology (CCT 2014), International Conference on, vol., no., pp. 1, 4, 8-10 Nov. 2014. doi:10.1049/cp.2014.1352
Abstract: The development of mobile Internet and application store accelerates the spread of malicious applications on smartphones, especially on Android platform. In this paper, we propose an integrated Android malware detection scheme, combining permission and behavior analysis. For APK files which had been detected, their MD5 values are extracted as signature for detection. For APK files which had not been detected, detection is carried based on permission and behavior analysis. Behavior analysis contained taint propagation analysis and semantic analysis. Experiment results show that this system can detect the malware of privacy stealing and malicious deduction successfully.
Keywords: Internet; data privacy; invasive software; mobile computing; smart phones; APK files; MD5 value extraction; application store; behavior analysis; integrated Android malware detection scheme; mobile Internet development; permission analysis; propagation analysis; semantic analysis; smart phones; Android; behavior analysis; malware; permission (ID#: 15-6657)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106851&isnumber=7085695 

Wenmin Xiao; Jianhua Sun; Hao Chen; Xianghua Xu, “Preventing Client Side XSS with Rewrite Based Dynamic Information Flow,” Parallel Architectures, Algorithms and Programming (PAAP), 2014 Sixth International Symposium on, vol., no., pp. 238, 243, 13-15 July 2014. doi:10.1109/PAAP.2014.10
Abstract: This paper presents the design and implementation of an information flow tracking framework based on code rewrite to prevent sensitive information leaks in browsers, combining the ideas of taint and information flow analysis. Our system has two main processes. First, it abstracts the semantic of JavaScript code and converts it to a general form of intermediate representation on the basis of JavaScript abstract syntax tree. Second, the abstract intermediate representation is implemented as a special taint engine to analyze tainted information flow. Our approach can ensure fine-grained isolation for both confidentiality and integrity of information. We have implemented a proof-of-concept prototype, named JSTFlow, and have deployed it as a browser proxy to rewrite web applications at runtime. The experiment results show that JSTFlow can guarantee the security of sensitive data and detect XSS attacks with about 3x performance overhead. Because it does not involve any modifications to the target system, our system is readily deployable in practice.
Keywords: Internet; Java; data flow analysis; online front-ends; security of data; JSTFlow; JavaScript abstract syntax tree; JavaScript code; Web applications; XSS attacks; abstract intermediate representation; browser proxy; browsers; client side XSS; code rewrite; fine-grained isolation; information flow tracking framework; performance overhead; rewrite based dynamic information flow; sensitive information leaks; taint engine; tainted information flow; Abstracts; Browsers; Data models; Engines; Security; Semantics; Syntactics; JavaScript; cross-site scripting; information flow analysis; information security; taint model (ID#: 15-6658)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6916471&isnumber=6916413
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Zero-Day Exploits, Part 1

 

	Zero–Day Exploits Part 1

Zero–day exploits are a major research challenge in cybersecurity. Recent work on this subject has been conducted globally. The works cited here were presented in 2014 and early 2015.

---

Bazzi, A.; Onozato, Y., “Preventing Attacks in Real-Time through the Use of a Dummy Server,” Autonomous Decentralized Systems (ISADS), 2015 IEEE Twelfth International Symposium on, vol., no., pp. 236, 241, 25-27 March 2015. doi:10.1109/ISADS.2015.36
Abstract: Zero-day exploits against servers pose one of the most challenging problems faced by system and security administrators. Current solutions rely mainly on signature databases of known attacks and are not efficient at detecting new attacks not covered by their attack signature database. We propose using a dummy server, i.e. A mirror of the server to be protected but without the real data. Consequently, any incoming network packet is first tested against the dummy server and once it is ensured that the packet is benign, it is delivered to the real server. This would prevent all types of attacks, including those based on zero-day exploits, from reaching the protected server.
Keywords: program debugging; security of data; attack signature database; dummy server; network packet; zero-day exploits; Databases; IP networks; Intrusion detection; Routing protocols; Servers; Software (ID#: 15-6193)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098265&isnumber=7098213

Mayo, Jackson R.; Armstrong, Robert C.; Hulette, Geoffrey C., “Digital System Robustness via Design Constraints: The Lesson of Formal Methods,” Systems Conference (SysCon), 2015 9th Annual IEEE International, vol., no., pp. 109, 114, 13-16 April 2015. doi:10.1109/SYSCON.2015.7116737
Abstract: Current programming languages and programming models make it easy to create software and hardware systems that fulfill an intended function but also leave such systems open to unintended function and vulnerabilities. Software engineering and code hygiene may make systems incrementally safer, but do not produce the wholesale change necessary for secure systems from the outset. Yet there exists an approach with impressive results: We cite recent examples showing that formal methods, coupled with formally informed digital design, have produced objectively more robust code even beyond the properties directly proven. Though discovery of zero-day vulnerabilities is almost always a surprise and powerful tools like semantic fuzzers can cover a larger search space of vulnerabilities than a developer can conceive of, formal models seem to produce robustness of a higher qualitative order than traditionally developed digital systems. Because the claim is necessarily a qualitative one, we illustrate similar results with an idealized programming language in the form of Boolean networks where we have control of parameters related to stability and adaptability. We argue that verifiability with formal methods is an instance of broader design constraints that promote robustness. We draw analogies to real-world programming models and languages that can be mathematically reasoned about in contrast to ones that are essentially undecidable.
Keywords: Computational modeling; Computer languages; Digital systems; Hardware; Programming; Robustness; Software; Digital design; complex systems; formal methods; programming models; robustness; security (ID#: 15-6194)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7116737&isnumber=7116715 

Kaur, R.; Singh, M., “Efficient Hybrid Technique for Detecting Zero-Day Polymorphic Worms,” Advance Computing Conference (IACC), 2014 IEEE International, vol., no., pp. 95, 100, 21-22 Feb. 2014. doi:10.1109/IAdCC.2014.6779301
Abstract: This paper presents an efficient technique for detecting zero-day polymorphic worms with almost zero false positives. Zero-day polymorphic worms not only exploit unknown vulnerabilities but also change their own representations on each new infection or encrypt their payloads using a different key per infection. Thus, there are many variations in the signatures for the same worm, making fingerprinting very difficult. With their ability to rapidly propagate, these worms increasingly threaten the Internet hosts and services. If these zero-day worms are not detected and contained at right time, they can potentially disable the Internet or can wreak serious havoc. So the detection of Zero-day polymorphic worms is of paramount importance.
Keywords: Internet; cryptography; digital signatures; invasive software; Internet hosts; encryption; fingerprinting; hybrid technique; signatures; unknown vulnerabilities; zero false positives; zero-day polymorphic worm detection; Algorithm design and analysis; Grippers; Internet; Malware; Payloads; Registers; Sensors; Zero-day attack; hybrid system; intrusion detection; polymorphic worm (ID#: 15-6195)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779301&isnumber=6779283 

Holm, H., “Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?,” System Sciences (HICSS), 2014 47th Hawaii International Conference on, vol., no., pp. 4895, 4904, 6-9 Jan. 2014. doi:10.1109/HICSS.2014.600
Abstract: A frequent claim that has not been validated is that signature based network intrusion detection systems (SNIDS) cannot detect zero-day attacks. This paper studies this property by testing 356 severe attacks on the SNIDS Snort, configured with an old official rule set. Of these attacks, 183 attacks are zero-days’ to the rule set and 173 attacks are theoretically known to it. The results from the study show that Snort clearly is able to detect zero-days’ (a mean of 17% detection). The detection rate is however on overall greater for theoretically known attacks (a mean of 54% detection). The paper then investigates how the zero-days’ are detected, how prone the corresponding signatures are to false alarms, and how easily they can be evaded. Analyses of these aspects suggest that a conservative estimate on zero-day detection by Snort is 8.2%.
Keywords: computer network security; digital signatures; SNIDS; false alarm; signature based network intrusion detection; zero day attacks; zero day detection; Computer architecture; Payloads; Ports (Computers); Reliability; Servers; Software; Testing; Computer security; NIDS; code injection; exploits (ID#: 15-6196)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6759203&isnumber=6758592 

Javed, A.; Akhlaq, M., “On the Approach of Static Feature Extraction in Trojans to Combat against Zero-Day Threats,” IT Convergence and Security (ICITCS), 2014 International Conference on, vol., no., pp. 1, 5, 28-30 Oct. 2014. doi:10.1109/ICITCS.2014.7021794
Abstract: Over the past few years, the enormous challenge ever faced by cyber space is to combat against cyber threats in the shape of malware attacks. Of these, Trojans stands out as the most common choice due to its deceptive and alluring properties. Most of the modern / sophisticated malwares are polymorphic in nature, thus signature / heuristics based techniques are becoming out of scope in outraging zero-day threats. By and large Trojan and its numerous variants have common static features which are always existent in such malwares. By exploiting this analogy, a set of features is determined by analyzing known samples which can be effectively plied for combating against zero-day attacks launched by means of unknown malicious codes.
Keywords: feature extraction; invasive software; Trojan; cyber space; malicious codes; malware attacks; signature-heuristics based techniques; static feature extraction; zero-day threats; Electronic mail; Feature extraction; Grippers; Software; Trojan horses (ID#: 15-6197)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7021794&isnumber=7021698 

Shahzad, K.; Woodhead, S., “Towards Automated Distributed Containment of Zero-Day Network Worms,” Computing, Communication and Networking Technologies (ICCCNT), 2014 International Conference on, vol., no., pp. 1, 7, 11-13 July 2014. doi:10.1109/ICCCNT.2014.6963119
Abstract: Worms are a serious potential threat to computer network security. The high potential speed of propagation of worms and their ability to self-replicate make them highly infectious. Zero-day worms represent a particularly challenging class of such malware, with the cost of a single worm outbreak estimated to be as high as US $2.6 Billion. In this paper, we present a distributed automated worm detection and containment scheme that is based on the correlation of Domain Name System (DNS) queries and the destination IP address of outgoing TCP SYN and UDP datagrams leaving the network boundary. The proposed countermeasure scheme also utilizes cooperation between different communicating scheme members using a custom protocol, which we term Friends. The absence of a DNS lookup action prior to an outgoing TCP SYN or UDP datagram to a new destination IP addresses is used as a behavioral signature for a rate limiting mechanism while the Friends protocol spreads reports of the event to potentially vulnerable uninfected peer networks within the scheme. To our knowledge, this is the first implementation of such a scheme. We conducted empirical experiments across six class C networks by using a Slammer-like pseudo-worm to evaluate the performance of the proposed scheme. The results show a significant reduction in the worm infection, when the countermeasure scheme is invoked.
Keywords: computer network security; digital signatures; invasive software; protocols; DNS queries; Friends protocol; Slammer-like pseudoworm; TCP SYN datagrams; UDP datagrams; automated distributed containment; behavioral signature; communicating scheme members; computer network security; countermeasure scheme; custom protocol; destination IP address; distributed automated worm detection; domain name system queries; malware; network boundary; rate limiting mechanism; six class C networks; worm infection reduction; zero-day network worms; Grippers; IP networks; Internet; Limiting; Malware; Routing protocols; countermeasure; malware; network worm; rate limiting (ID#: 15-6198)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6963119&isnumber=6962988 

Zolotukhin, M.; Hamalainen, T., “Detection of Zero-Day Malware Based on the Analysis of Opcode Sequences,” Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th, vol., no., pp. 386, 391, 10-13 Jan. 2014. doi:10.1109/CCNC.2014.6866599
Abstract: Today, rapid growth in the amount of malicious software is causing a serious global security threat. Unfortunately, widespread signature-based malware detection mechanisms are not able to deal with constantly appearing new types of malware and variants of existing ones, until an instance of this malware has damaged several computers or networks. In this research, we apply an anomaly detection approach which can cope with the problem of new malware detection. First, executable files are analyzed in order to extract operation code sequences and then n-gram models are employed to discover essential features from these sequences. A clustering algorithm based on the iterative usage of support vector machines and support vector data descriptions is applied to analyze feature vectors obtained and to build a benign software behavior model. Finally, this model is used to detect malicious executables within new files. The scheme proposed allows one to detect malware unseen previously. The simulation results presented show that the method results in a higher accuracy rate than that of the existing analogues.
Keywords: invasive software; iterative methods; pattern clustering; support vector machines; anomaly detection approach; benign software behavior model; clustering algorithm; global security threat; iterative usage; malicious software; n-gram models; opcode sequences analysis; operation code sequences; support vector data descriptions; support vector machines; widespread signature-based malware detection mechanism; zero-day malware detection; Feature extraction; Malware; Software; Software algorithms; Support vector machines; Training; Vectors (ID#: 15-6199)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866599&isnumber=6866537 

Shahzad, K.; Woodhead, S., “A Pseudo-Worm Daemon (PWD) for Empirical Analysis of Zero-Day Network Worms and Countermeasure Testing,” Computing, Communication and Networking Technologies (ICCCNT), 2014 International Conference on, vol., no., pp. 1, 6, 11-13 July 2014. doi:10.1109/ICCCNT.2014.6963124
Abstract: The cyber epidemiological analysis of computer worms has emerged a key area of research in the field of cyber security. In order to understand the epidemiology of computer worms; a network daemon is required to empirically observe their infection and propagation behavior. The same facility can also be employed in testing candidate worm countermeasures. In this paper, we present the architecture and design of Pseudo-Worm Daemon; termed (PWD), which is designed to perform true random scanning and hit-list worm like functionality. The PWD is implemented as a proof-of-concept in C programming language. The PWD is platform independent and can be deployed on any host in an enterprise network. The novelty of this worm daemon includes; its UDP based propagation, a user-configurable random scanning pool, ability to contain a user defined hit-list, authentication before infecting susceptible hosts and efficient logging of time of infection. Furthermore, this paper presents experimentation and analysis of a Pseudo-Witty worm by employing the PWD with real Witty worm outbreak attributes. The results obtained by Pseudo-Witty worm outbreak are quite comparable to real Witty worm outbreak; which are further quantified by using the Susceptible Infected (SI) model.
Keywords: C language; invasive software; program testing; C programming language; PWD; UDP based propagation; computer worms; cyber epidemiological analysis; cyber security; enterprise network; hit-list worm like functionality; pseudo-witty worm outbreak; pseudo-worm daemon; random scanning functionality; susceptible infected model; user-configurable random scanning pool; worm countermeasure testing; worm infection behavior; worm propagation behavior; zero-day network worms; Computational modeling; Computer worms; Grippers; IP networks; Mathematical model; Servers; Silicon; cyber; hit-list; scanning; witty; worm (ID#: 15-6200)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6963124&isnumber=6962988 

Asif, M.K.; Al-Harthi, Y.S., “Intrusion Detection System Using Honey Token Based Encrypted Pointers to Mitigate Cyber Threats for Critical Infrastructure Networks,” Systems, Man and Cybernetics (SMC), 2014 IEEE International Conference on, vol., no., pp. 1266, 1270, 5-8 Oct. 2014. doi:10.1109/SMC.2014.6974088
Abstract: Recent advancements in cyberspace impose a greater threat to the security of critical infrastructure than ever before. The scale of damage that could be done on these infrastructures by well-planned cyber-attacks is enormous. Most of the research work done for the security of these critical infrastructures focuses on conventional security measures. In this paper, we designed an Intrusion Detection System (IDS) that is based on the novel approach of Honey Token based Encrypted Pointers to prevent critical infrastructure networks from cyber-attacks particularly from zero day cyber threats. These honey tokens inside the frame will serve as a trap for the attacker. All nodes operating within the working domain of critical infrastructure network are divided into four different pools. This division is based according to their computational power and level of vulnerability. These pools are provided with different levels of security measures within the network. IDS use different number of Honey Tokens (HT) per frame for every different pool. Moreover every pool uses different types of encryption schemes (AES-128,192,256) etc. We use critical infrastructure network of 64 nodes for our simulations. We analyzed the performance of IDS in terms of True Positive and False Negative Alarms. Finally we test this IDS through Network Penetration Testing (NPT). This NPT is accomplished by putting the critical infrastructure network of 64 nodes directly under the zero day cyber-attacks and then we analyze the behavior of the IDS under such realistic conditions. The IDS is designed in such a way that it not only detects the intrusions but also recovers the entire zero day attack using reverse engineering approach.
Keywords: computer network security; critical infrastructures; cryptography; reverse engineering; IDS; NPT; critical infrastructure networks; cyber-attacks; encryption schemes; false negative alarms; honey token based encrypted pointers; intrusion detection system; network penetration testing; reverse engineering approach; true positive alarms; zero day cyber threats; Databases; Encryption; Generators; Intrusion detection; Protocols; Critical Infrastructure Networks; Cyber Security; Cyber Space; Cyber Threats; Cyber Warfare; DNP3; Distributed Sensor Networks; Encrypted Pointers; Honey Token; Industrial Communication Protocol; Industrial Networks; Information Infrastructure; Information Security; Intelligence Infrastructure; Intrusion Detection System; SCADA Command and Control System; Zero Day Attacks (ID#: 15-6201)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6974088&isnumber=6973862

Tokhtabayev, A.G.; Aimyshev, B.; Seitkulov, Y., “tBox: A System to Protect a ‘Bad’ User from Targeted and User-Oriented Attacks,” Application of Information and Communication Technologies (AICT), 2014 IEEE 8th International Conference on, vol., no., pp. 1, 6, 15-17 Oct. 2014. doi:10.1109/ICAICT.2014.7035913
Abstract: We introduce tBox system that enables protection from targeted and user-oriented attacks. Such attacks relay on users mistakes such as misinterpreting or ignoring security alerts, which leads to proliferation of malicious objects inside trusted perimeter of cyber-security systems (e.g. exclusion list of AV). These attacks include strategic web compromise, spear phishing, insider threat and social network malware. Moreover, targeted attacks often deliver zero-day malware that is made difficult to be detected, e.g. due to distributed malicious payload. The tBox system allows for protecting even a "bad" user who does not cooperate with security products. To accomplish this, tBox seamlessly transfers user activity with vulnerable applications into specific virtual environment that provides three key factors: user-activity isolation, behavior self-monitoring and security inheritance for user-carried objects. To provide self-monitoring, our team developed a novel technology for deep dynamic analysis of system-wide behavior, which allows for run-time recognition of malicious functionalities including obfuscated and distributed ones. We evaluate the tBox prototype with corpus of real malware families. Results show high efficiency of tBox in detecting and blocking malware while having low system overhead.
Keywords: Internet; invasive software; behavior self-monitoring; cyber-security systems; distributed malicious payload; insider threat; security alerts; security inheritance; social network malware; spear phishing; strategic Web compromise; tBox system; targeted attacks; user-activity isolation; user-oriented attacks; zero-day malware; Browsers; Containers; Engines; Malware; Payloads; Software; Attacks on a User; Distributed malware; Targeted attacks; Threat isolation; Zero-day malware (ID#: 15-6202)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7035913&isnumber=7035893

Mirza, N.A.S.; Abbas, H.; Khan, F.A.; Al Muhtadi, J., “Anticipating Advanced Persistent Threat (APT) Countermeasures Using Collaborative Security Mechanisms,” Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, vol., no., pp. 129, 132, 26-27 Aug. 2014. doi:10.1109/ISBAST.2014.7013108
Abstract: Information and communication security has gained significant importance due to its wide spread use, increased sophistication and complexity in its deployment. On the other hand, more sophisticated and stealthy techniques are being practiced by the intruder’s group to penetrate and exploit the technology and attack detection. One such treacherous threat to all critical assets of an organization is Advanced Persistent Threat (APT). Since APT attack vector is not previously known, consequently this can harm the organization’s assets before the patch for this security flaw is released/available. This paper presents a preliminary research effort to counter the APT or zero day attacks at an early stage by detecting malwares. Open Source version of Security Information and Event Management (SIEM) is used to detect denial of service attack launched through remote desktop service. The framework presented in this paper also shows the efficiency of the technique and it can be enhanced with more sophisticated mechanisms for APT attack detection.
Keywords: computational complexity; invasive software; public domain software; APT attack detection; APT attack vector; SIEM; advanced persistent threat countermeasures; collaborative security mechanisms; deployment complexity; information and communication security; malwares; open source version; organization assets; remote desktop service; security information and event management; stealthy techniques; zero day attacks; Intrusion detection; Kernel; Malware; Monitoring; Neural networks; Organizations; Advanced Persistent Threat; Security Information and Event Management; Zero Day Exploits (ID#: 15-6203)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7013108&isnumber=7013076 

Pandey, S.K.; Mehtre, B.M., “Performance of Malware Detection Tools: A Comparison,” Advanced Communication Control and Computing Technologies (ICACCCT), 2014 International Conference on, vol., no., pp. 1811,1817, 8-10 May 2014. doi:10.1109/ICACCCT.2014.7019422
Abstract: Malwares are a big threat to modern computer world. There are many tools and techniques for detecting malwares, like Intrusion Detection System, Firewalls and Virus scans etc. But malicious executables like unseen zero day malwares are still a major challenge. In this paper, we are going to present a performance comparison of existing tools and techniques for malware detection. In order to know the performance of malware detection tools, we have created a virtual Malware analysis lab using virtual box. We have taken 17 most commonly known malware detection tools and 29 malwares as a data set for our comparison. We have tested and analyzed the performance of malware detection tools on the basis of several parameters which are also shown graphically. It is found that the top three tools (based on certain parameters and the given data set) are the Regshot, Process Monitor and Process Explorer.
Keywords: computer viruses; firewalls; Regshot; firewalls; intrusion detection system; malicious executables; malware detection tools; process explorer; process monitor; unseen zero day malwares; virtual box; virtual malware analysis lab; virus scans; Cryptography; Firewalls (computing); Grippers; Immune system; Pattern matching; Trojan horses; Cyber Defense; Intrusion Detection System; Malicious executables; Malware; Malware Analysis; Zero Day Malwares (ID#: 15-6204)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019422&isnumber=7019129 

Pandey, S.K.; Mehtre, B.M., “A Lifecycle Based Approach for Malware Analysis,” Communication Systems and Network Technologies (CSNT), 2014 Fourth International Conference on, vol., no., pp. 767, 771, 7-9 April 2014. doi:10.1109/CSNT.2014.161
Abstract: Most of the detection approaches like Signature based, Anomaly based and Specification based are not able to analyze and detect all types of malware. Signature-based approach for malware detection has one major drawback that it cannot detect zero-day attacks. The fundamental limitation of anomaly based approach is its high false alarm rate. And specification-based detection often has difficulty to specify completely and accurately the entire set of valid behaviors a malware should exhibit. Modern malware developers try to avoid detection by using several techniques such as polymorphic, metamorphic and also some of the hiding techniques. In order to overcome these issues, we propose a new approach for malware analysis and detection that consist of the following twelve stages Inbound Scan, Inbound Attack, Spontaneous Attack, Client-Side Exploit, Egg Download, Device Infection, Local Reconnaissance, Network Surveillance, & Communications, Peer Coordination, Attack Preparation, and Malicious Outbound Propagation. These all stages will integrate together as interrelated process in our proposed approach. This approach had solved the limitations of all the three approaches by monitoring the behavioral activity of malware at each any every stage of life cycle and then finally it will give a report of the maliciousness of the files or software’s.
Keywords: invasive software; anomaly based approach; attack preparation; client-side exploit; device infection; egg download; hiding techniques; inbound attack; inbound scan; lifecycle based approach; local reconnaissance; malicious outbound propagation; malware analysis; network surveillance; peer coordination; signature-based approach; specification-based detection; spontaneous attack; Computers; Educational institutions; Malware; Monitoring; Reconnaissance; Metamorphic; Polymorphic; Reconnaissance; Signature based; Zero day attack (ID#: 15-6205)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821503&isnumber=6821334 

Kumar, S.; Rama Krishna, C.; Aggarwal, N.; Sehgal, R.; Chamotra, S., “Malicious Data Classification Using Structural Information and Behavioral Specifications in Executables,” Engineering and Computational Sciences (RAECS), 2014 Recent Advances in, vol., no., pp. 1, 6, 6-8 March 2014. doi:10.1109/RAECS.2014.6799525
Abstract: With the rise in the underground Internet economy, automated malicious programs popularly known as malwares have become a major threat to computers and information systems connected to the internet. Properties such as self healing, self hiding and ability to deceive the security devices make these software hard to detect and mitigate. Therefore, the detection and the mitigation of such malicious software is a major challenge for researchers and security personals. The conventional systems for the detection and mitigation of such threats are mostly signature based systems. Major drawback of such systems are their inability to detect malware samples for which there is no signature available in their signature database. Such malwares are known as zero day malware. Moreover, more and more malware writers uses obfuscation technology such as polymorphic and metamorphic, packing, encryption, to avoid being detected by antivirus. Therefore, the traditional signature based detection system is neither effective nor efficient for the detection of zero-day malware. Hence to improve the effectiveness and efficiency of malware detection system we are using classification method based on structural information and behavioral specifications. In this paper we have used both static and dynamic analysis approaches. In static analysis we are extracting the features of an executable file followed by classification. In dynamic analysis we are taking the traces of executable files using NtTrace within controlled atmosphere. Experimental results obtained from our algorithm indicate that our proposed algorithm is effective in extracting malicious behavior of executables. Further it can also be used to detect malware variants.
Keywords: Internet; invasive software; pattern classification; program diagnostics; NtTrace; antivirus; automated malicious programs; behavioral specifications; dynamic analysis; executable file; information systems; malicious behavior extraction; malicious data classification; malicious software detection; malicious software mitigation; malware detection system effectiveness improvement; malware detection system efficiency improvement; malwares; obfuscation technology; security devices; signature database; signature-based detection system; static analysis; structural information; threat detection; threat mitigation; underground Internet economy; zero-day malware detection; Algorithm design and analysis; Classification algorithms; Feature extraction; Internet; Malware; Software; Syntactics; behavioral specifications; classification algorithms; dynamic analysis; malware detection; static analysis; system calls (ID#: 15-6206)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6799525&isnumber=6799496 

Sigholm, J.; Larsson, E., “Determining the Utility of Cyber Vulnerability Implantation: The Heartbleed Bug as a Cyber Operation,” Military Communications Conference (MILCOM), 2014 IEEE, vol., no., pp. 110, 116, 6-8 Oct. 2014. doi:10.1109/MILCOM.2014.25
Abstract: Flaws in computer software or hardware that are as yet unknown to the public, known as zero-day vulnerabilities, are an increasingly sought-after resource by actors conducting cyber operations. While the objective pursued is commonly defensive, as in protecting own systems and networks, cyber operations may also involve exploiting identified vulnerabilities for intelligence collection or to produce military effects. The weapon zing and stockpiling of such vulnerabilities by various actors, or even the intentional implantation into cyberspace infrastructure, is a trend that currently resembles an arms race. An open question is how to measure the utility that access to these exploitable vulnerabilities provides for military purposes, and how to contrast and compare this to the possible adverse societal consequences that withholding disclosure of them may result in, such as loss of privacy or impeded freedom of the press. This paper presents a case study focusing on the Heart bleed bug, used as a tool in an offensive cyber operation. We introduce a model to estimate the adoption rate of an implanted flaw in Open SSL, derived by fitting collected real-world data. Our calculations show that reaching a global adoption of at least 50 % would take approximately three years from the time of release, given that the vulnerability remains undiscovered, while surpassing 75% adoption would take an estimated four years. The paper concludes that while exploiting zero-day vulnerabilities may indeed be of significant military utility, such operations take time. They may also incur non-negligible risks of collateral damage and other societal costs.
Keywords: program debugging; security of data; OpenSSL; collateral damage; computer software; cyber vulnerability implantation; cyberspace infrastructure; global adoption; heartbleed bug; identified vulnerabilities; intelligence collection; intentional implantation; military effects; military utility; offensive cyber operation; societal costs; sought-after resource; zero-day vulnerabilities; Fitting; Heart rate variability; Military aircraft; Predictive models; Security; Servers; Software; computer network operations; cyber operations; exploitation; intelligence; vulnerabilities (ID#: 15-6207)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956746&isnumber=6956719 

Uppal, D.; Sinha, R.; Mehra, V.; Jain, V., “Malware Detection and Classification Based on Extraction of API Sequences,” Advances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on, vol., no., pp. 2337, 2342, 24-27 Sept. 2014. doi:10.1109/ICACCI.2014.6968547
Abstract: With the substantial growth of IT sector in the 21st century, the need for system security has also become inevitable. While the developments in the IT sector have innumerable advantages but attacks on websites and computer systems are also increasing relatively. One such attack is zero day malware attack which poses a great challenge for the security testers. The malware pen testers can use bypass techniques like Compression, Code obfuscation and Encryption techniques to easily deceive present day Antivirus Scanners. This paper elucidates a novel malware identification approach based on extracting unique aspects of API sequences. The proposed feature selection method based on N grams and odds ratio selection, capture unique and distinct API sequences from the extracted API calls thereby increasing classification accuracy. Next a model is built by the classification algorithms using active machine learning techniques to categorize malicious and benign files.
Keywords: application program interfaces; invasive software; learning (artificial intelligence); pattern classification; API sequences extraction; IT sector; N grams; Websites; active machine learning techniques; antivirus scanners; benign files; bypass techniques; code obfuscation; computer systems; encryption techniques; malicious files; malware classification; malware detection; malware pen testers; odds ratio selection; security testers; zero day malware attack; Accuracy; Classification algorithms; Feature extraction; Machine learning algorithms; Malware; Software; API call gram; API sequence (ID#: 15-6208)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6968547&isnumber=6968191 

Kotenko, I.; Doynikova, E., “Security Evaluation for Cyber Situational Awareness,” High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS), 2014 IEEE Intl Conf on, vol., no., pp. 1197,1204, 20-22 Aug. 2014. doi:10.1109/HPCC.2014.196
Abstract: The paper considers techniques for measurement and calculation of security metrics taking into account attack graphs and service dependencies. The techniques are based on several assessment levels (topological, attack graph level, attacker level, events level and system level) and important aspects (zero-day attacks, cost-efficiency characteristics). It allows understanding the current security situation, including defining the vulnerable characteristics and weaknesses of the system under protection, dangerous events, current and possible cyber attack parameters, attacker intentions, integral cyber situation metrics and necessary countermeasures.
Keywords: firewalls; attack countermeasures; attack graph level; attack graphs; attacker intentions; attacker level; cost-efficiency characteristics; cyber attack parameters; cyber situational awareness; dangerous events; event level; integral cyber situation metrics; security evaluation; security metric calculation; security metric measurement; service dependencies; system level; system weaknesses; topological assessment level; vulnerable characteristics; zero-day attacks; Business; Conferences; High performance computing; Integrated circuits; Measurement; Probabilistic logic; Security; network security; risk assessment; security metrics (ID#: 15-6209)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7056895&isnumber=7056577 

Markel, Z.; Bilzor, M., “Building a Machine Learning Classifier for Malware Detection,” Anti-malware Testing Research (WATeR), 2014 Second Workshop on, vol., no., pp. 1, 4, 23-23 Oct. 2014. doi:10.1109/WATeR.2014.7015757
Abstract: Current signature-based antivirus software is ineffective against many modern malicious software threats. Machine learning methods can be used to create more effective antimalware software, capable of detecting even zero-day attacks. Some studies have investigated the plausibility of applying machine learning to malware detection, primarily using features from n-grams of an executables file’s byte code. We propose an approach that primarily learns from metadata, mostly contained in the headers of executable files, specifically the Windows Portable Executable 32-bit (PE32) file format. Our experiments indicate that executable file metadata is highly discriminative between malware and benign software. We also employ various machine learning methods, finding that Decision Tree classifiers outperform Logistic Regression and Naive Bayes in this setting. We analyze various features of the PE32 header and identify those most suitable for machine learning classifiers. Finally, we evaluate changes in classifier performance when the malware prevalence (fraction of malware versus benign software) is varied.
Keywords: decision trees; invasive software; learning (artificial intelligence); pattern classification; regression analysis; Windows Portable Executable file format; antimalware software; decision tree classifiers; logistic regression; machine learning classifier; malicious software threat; malware detection; malware prevalence; meta data; naive Bayes; signature-based antivirus software; zero-day attacks; Databases; Decision trees; Feature extraction; Logistics; Malware; Software; Training (ID#: 15-6210)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7015757&isnumber=7015747 

Ziyu Wang; Jiahai Yang; Fuliang Li, “An On-Line Anomaly Detection Method Based on a New Stationary Metric — Entropy-Ratio,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp.90,97, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.16
Abstract: Anomaly detection has been a hot topic in recent years due to its capability of detecting zero day attacks. In this paper, we propose a new metric called Entropy-Ratio. We validate that the Entropy-Ratio is stationary. Making use of this observation, we combine the Least Mean Square algorithm and the Forward Linear Predictor to propose a new on-line detector called LMS-FLP detector. Using the two synthetic data sets - CEGI-6IX synthetic data and CERNET2 synthetic data, we validate that the LMS-FLP detector is very effective in detecting both anomalies involving many small IP flows and anomalies involving a few large IP flows.
Keywords: IP networks; computer network security; entropy; least mean squares methods; CEGI-6IX synthetic data set; CERNET2 synthetic data set; forward linear predictor; large-IP flows; least mean square algorithm; online LMS-FLP detector; online anomaly detection method; small-IP flows; stationary entropy-ratio metric; zero-day attack detection capability; Detectors; Educational institutions; Entropy; Equations; IP networks; Mathematical model; Vectors; Entropy-Ratio; Forward Linear Predictor; Least Mean Square; anomaly detection (ID#: 15-6211)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7011238&isnumber=7011202 

Rivers, A.T.; Vouk, M.A.; Williams, L.A., “On Coverage-Based Attack Profiles,” Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on,  vol., no., pp. 5, 6, June 30 2014–July 2 2014.  doi:10.1109/SERE-C.2014.15
Abstract: Automated cyber attacks tend to be schedule and resource limited. The primary progress metric is often “coverage” of pre-determined “known” vulnerabilities that may not have been patched, along with possible zero-day exploits (if such exist). We present and discuss a hypergeometric process model that describes such attack patterns. We used web request signatures from the logs of a production web server to assess the applicability of the model.
Keywords: Internet; security of data; Web request signatures; attack patterns; coverage-based attack profiles; cyber attacks; hypergeometric process model; production Web server; zero-day exploits; Computational modeling; Equations; IP networks; Mathematical model; Software; Software reliability; Testing; attack; coverage; models; profile; security (ID#: 15-6212)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6901633&isnumber=6901618 

Trikalinou, A.; Bourbakis, N., “AMYNA: A Security Generator Framework,” Information, Intelligence, Systems and Applications, IISA 2014, The 5th International Conference on, vol., no., pp. 404, 409, 7-9 July 2014. doi:10.1109/IISA.2014.6878840
Abstract: Security has always been an important concern in Computer Systems. In this paper we focus on zero-day, memory-based attacks, one of the top three most dangerous attacks according to the MITRE ranking, and propose AMYNA, a novel security generator framework/model, which can automatically create personalized optimum security solutions. Motivated by the most prevailing security methods, which target a limited set of attacks, but do so efficiently and effectively, we present the idea and architecture of AMYNA, which can automatically combine security methods represented in a high-level model in order to produce a security solution with elevated security coverage.
Keywords: security of data; AMYNA; MITRE ranking; computer systems; elevated security coverage; high-level model; memory-based attacks; personalized optimum security solutions; security generator framework; zero-day attacks; Computational modeling; Computer architecture; Libraries; Load modeling; Numerical models; Real-time systems; Security; buffer overflow; control-flow hijacking; dynamic information flow tainting (DIFT); host security (ID#: 15-6213)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6878840&isnumber=6878713 
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

Zero-Day Exploits, Part 2

 

	Zero–Day Exploits Part 2

Zero-day exploits are a major research challenge in cybersecurity. Recent work on this subject has been conducted globally. The works cited here were presented in 2014 and early 2015.

---

Adebayo, O.S.; AbdulAziz, N., “An Intelligence Based Model for the Prevention of Advanced Cyber-Attacks,” Information and Communication Technology for The Muslim World (ICT4M), 2014 The 5th International Conference on, vol., no., pp. 1, 5, 17-18 Nov. 2014. doi:10.1109/ICT4M.2014.7020648
Abstract: The trend and motive of Cyber-attacks have gone beyond traditional damages and challenges to information stealing for political and economic gain. With the recent APT (Advance Persistent Threat), which comprises of Zeroday malware, Polymorphic malware, and Blended threat, the task of protecting vita[l] infrastructures are increasingly becoming difficult. This paper proposes an intelligence based technique that combined the traditional signature based detection with the next generation based detection. The proposed model consists of virtual execution environment, detection, and prevention module. The virtual execution environment is designated to analyze and execute a suspected file contains malware while other module inspect, detect, and prevent malware execution based on the intelligent gathering in the central management system (CMS). The model based on Next Generation Malware Detection of creating threat intelligence for future occurrence prevention. The new model shall take into consideration lapses and benefits of the existing detectors.
Keywords: digital signatures; invasive software; APT; advance persistent threat; advanced cyber-attack prevention; blended threat; central management system; economic gain; future occurrence prevention; information stealing; intelligence based model; malware execution detection; malware execution inspection; malware execution prevention; next generation malware detection; political gain; polymorphic malware; signature based detection; suspected file analysis; suspected file execution; virtual execution environment; zero-day malware; Decision support systems; APT; Advanced Persistent Threat; Cyber Attacks; Next Generation Threat; Next-Generation Security (ID#: 15-6214)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7020648&isnumber=7020577 

Min Zheng; Mingshen Sun; Lui, J.C.S., “DroidTrace: A Ptrace Based Android Dynamic Analysis System with Forward Execution Capability,” Wireless Communications and Mobile Computing Conference (IWCMC), 2014 International, vol., no.,
pp. 128, 133, 4-8 Aug. 2014. doi:10.1109/IWCMC.2014.6906344
Abstract: Android, being an open source smartphone operating system, enjoys a large community of developers who create new mobile services and applications. However, it also attracts malware writers to exploit Android devices in order to distribute malicious apps in the wild. In fact, Android malware are becoming more sophisticated and they use advanced “dynamic loading” techniques like Java reflection or native code execution to bypass security detection. To detect dynamic loading, one has to use dynamic analysis. Currently, there are only a handful of Android dynamic analysis tools available, and they all have shortcomings in detecting dynamic loading. The aim of this paper is to design and implement a dynamic analysis system which allows analysts to perform systematic analysis of dynamic payloads with malicious behaviors. We propose “DroidTrace”, a ptrace based dynamic analysis system with forward execution capability. Our system uses ptrace to monitor selected system calls of the target process which is running the dynamic payloads, and classifies the payloads behaviors through the system call sequence, e.g., behaviors such as file access, network connection, inter-process communication and even privilege escalation. Also, DroidTrace performs “physical modification” to trigger different dynamic loading behaviors within an app. Using DroidTrace, we carry out a large scale analysis on 36,170 dynamic payloads in 50,000 apps and 294 malware in 10 families (four of them are zero-day) with various dynamic loading behaviors.
Keywords: Android (operating system); Java; invasive software; mobile computing; program diagnostics; public domain software; Android malware; DroidTrace; Java reflection; dynamic loading detection; dynamic payload analysis; file access; forward execution capability; interprocess communication; malicious apps; malicious behaviors; mobile applications; mobile services; native code execution; network connection; open source smartphone operating system; physical modification; privilege escalation; ptrace based Android dynamic analysis system; security detection; system call monitoring; Androids; Humanoid robots; Java; Loading; Malware; Monitoring; Payloads (ID#: 15-6215)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6906344&isnumber=6906315 

Shin-Ying Huang; Yennun Huang; Suri, N., “Event Pattern Discovery on IDS Traces of Cloud Services,” Big Data and Cloud Computing (BdCloud), 2014 IEEE Fourth International Conference on, vol., no., pp. 25, 32, 3-5 Dec. 2014. doi:10.1109/BDCloud.2014.92
Abstract: The value of Intrusion Detection System (IDS) traces is based on being able to meaningfully parse the complex data patterns appearing therein as based on the pre-defined intrusion ‘detection’ rule sets. As IDS traces monitor large groups of servers, large amounts of network data and also spanning a variety of patterns, efficient analytical approaches are needed to address this big heterogeneous data analysis problem. We believe that using unsupervised learning methods can help to classify data that allows analysts to find out meaningful insights and extract the value of the collected data more precisely and efficiently. This study demonstrates how the technique of growing hierarchical self-organizing maps (GHSOM) can be utilized to facilitate efficient event data analysis. For the collected IDS traces, GHSOM is used to cluster data and reveal the geometric distances between each cluster in a topological space such that the attack signatures for each cluster can be easily identified. The experimental results from a real-world IDS traces show that our proposed approach can efficiently discover several critical attack patterns and significantly reduce the size of IDS trace log which needs to be further analyzed. The proposed approach can help internet security administrators/analysts to conduct network forensics analysis, discover suspicious attack sources, and set up recovery processes to prevent previously unknown security threats such as zero-day attacks.
Keywords: cloud computing; data analysis; digital signatures; pattern classification; pattern clustering; self-organising feature maps; unsupervised learning; GHSOM; IDS traces; Internet security administrators; Internet security analysts; analytical approach; attack signatures; cloud services; cluster geometric distances; complex data pattern parsing; critical attack patterns; data classification; data clustering; event data analysis; event pattern discovery; growing hierarchical self-organizing maps; heterogeneous data analysis problem; intrusion detection rule sets; intrusion detection system; network forensics analysis; recovery process; suspicious attack source discovery; topological space; unsupervised learning methods; Correlation; Data mining; IP networks; Intrusion detection; Ports (Computers);Telecommunication traffic; forensic analysis; growing hierarchical self-organizing map; internet security (ID#: 15-6216)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7034762&isnumber=7034739 

Almaatouq, A.; Alabdulkareem, A.; Nouh, M.; Alsaleh, M.; Alarifi, A.; Sanchez, A.; Alfaris, A.; Williams, J., “A Malicious Activity Detection System Utilizing Predictive Modeling in Complex Environments,” Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th, vol., no., pp. 371, 379, 10-13 Jan. 2014. doi:10.1109/CCNC.2014.6866597
Abstract: Complex enterprise environments consist of globally distributed infrastructure with a variety of applications and a large number of activities occurring on a daily basis. This increases the attack surface and narrows the view of ongoing intrinsic dynamics. Thus, many malicious activities can persist under the radar of conventional detection mechanisms long enough to achieve critical mass for full-fledged cyber attacks. Many of the typical detection approaches are signature-based and thus are expected to fail in the face of zero-day attacks. In this paper, we present the building-blocks for developing a Malicious Activity Detection System (MADS). MADS employs predictive modeling techniques for the detection of malicious activities. Unlike traditional detection mechanisms, MADS includes the detection of both network-based intrusions and malicious user behaviors. The system utilizes a simulator to produce holistic replication of activities, including both benign and malicious, flowing within a given complex IT environment. We validate the performance and accuracy of the simulator through a case study of a Fortune 500 company where we compare the results of the simulated infrastructure against the physical one in terms of resource consumption (i.e., CPU utilization), the number of concurrent users, and response times. In addition to an evaluation of the detection algorithms with varying hyper-parameters and comparing the results.
Keywords: computer network security; complex environments; malicious activity detection system; predictive modeling; resource consumption; Analytical models; Data models; Data visualization; Databases; Engines; Predictive models; Security (ID#: 15-6217)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866597&isnumber=6866537 

Andreas Kuehn, Milton Mueller; “Shifts in the Cybersecurity Paradigm: Zero-Day Exploits, Discourse, and Emerging Institutions,” NSPW ’14, Proceedings of the 2014 Workshop on New Security Paradigms Workshop, September 2014, Pages 63-68. doi:10.1145/2683467.2683473
Abstract: This ongoing dissertation research examines the institutionalization of new cybersecurity norms and practices that are emerging from current controversies around markets for software vulnerabilities and exploits. A market has developed for the production and distribution of software exploits, with buyers sometimes paying over USD 100,000 for exploits and software vendors offering bounties for the disclosure of underlying vulnerabilities. Labeled a ‘digital arms race’ by some, it is generating a transnational debate about control and regulation of cyber capabilities, the role of secrecy and disclosure in cybersecurity, and the ethics of exploit production and use. The research takes a qualitative approach to theorize the emerging cybersecurity institutions. It shall provide insights into the technical, economic and institutional shifts in cybersecurity norms and practices. Analyzing the bug bounty programs run by Microsoft and Facebook as examples, the paper briefly discusses the role of institutions in facilitating software vulnerability markets. The paper summarizes the work presented at NSPW 2014, its findings are preliminary.
Keywords: cybersecurity, discourse, institutions, internet governance, software exploit, software vulnerability (ID#: 15-6218)
URL: http://doi.acm.org/10.1145/2683467.2683473 

Yasuyuki Tanaka, Atsuhiro Goto; “n-ROPdetector: Proposal of a Method to Detect the ROP Attack Code on the Network,” SafeConfig ’14, Proceedings of the 2014 Workshop on Cyber Security Analytics, Intelligence and Automation, November 2014, Pages 33-36. doi:10.1145/2665936.2665937
Abstract: Targeted attacks exploiting a zero-day vulnerability are serious threats for many organizations. One reason is that generally available attack tools are very powerful and easy-to-use for attackers. In this paper, we propose n-ROPdetector that detects ROP (Return-Oriented Programming) attack code on the network side. ROP is a core technique used in zero-day attacks. The n-ROPdetector is noticeable method to detect ROP code efficiently on the network side rather than on the host machines side. To evaluate the n-ROPdetector and to show its effectiveness, we used the attack code samples from the attack tool Metasploit and the n-ROPdetector detected 84% of ROP codes in Metasploit.
Keywords: nids, return-oriented programming, zero-day attack (ID#: 15-6219)
URL:  http://doi.acm.org/10.1145/2665936.2665937  

Yier Jin; “Embedded System Security in Smart Consumer Electronics,” TrustED ’14, Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, November 2014, Pages 59-59. doi:10.1145/2666141.2673888
Abstract: Advances in manufacturing and emerging technologies in miniaturization and reduction of power consumption have proven to be a pivotal point in mankind’s progress. The once advanced machines that occupied entire buildings and needed hundreds of engineers to be operated are now shadowed by the smart cellular phones we carry in our pockets. With the advent of the Internet and proliferation of wireless technologies, these devices are now extremely interconnected. Enter the nascent era of Internet of Things (IoT) and wearable devices, where small embedded devices loaded with sensors collect information from its surroundings, process it and relay it to remote locations for further analysis. Albeit looking harmless, this nascent technologies raise security and privacy concerns. In this talk, we pose the question of the possibility and effects of compromising one of such devices. Concentrating on the design flow of IoT devices, we discuss some common design practices and their implications on security and privacy. We present the Google Nest Learning Thermostat as an example on how these practices affect the resulting device and the potential consequences to user security and privacy. We will then introduce design flow security enhancement methods through which security will be built into the device, a major difference from traditional practices which treat security as an add-on property implemented at post-fabrication stage.
Keywords: hardware attack, hardware security, internet of things, secure boot, trusted design, zero-day attack (ID#: 15-6220)
URL:  http://doi.acm.org/10.1145/2666141.2673888 

Robert Gawlik, Thorsten Holz; “Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs,” ACSAC ’14, Proceedings of the 30th Annual Computer Security Applications Conference, December 2014, Pages 396-405. doi:10.1145/2664243.2664249
Abstract: Web browsers are one of the most used, complex, and popular software systems nowadays. They are prone to dangling pointers that result in use-after-free vulnerabilities and this is the de-facto way to exploit them. From a technical point of view, an attacker uses a technique called vtable hijacking to exploit such bugs. More specifically, she crafts bogus virtual tables and lets a freed C++ object point to it in order to gain control over the program at virtual function call sites.  In this paper, we present a novel approach towards mitigating and detecting such attacks against C++ binary code. We propose a static binary analysis technique to extract virtual function call site information in an automated way. Leveraging this information, we instrument the given binary executable and add runtime policy enforcements to thwart the illegal usage of these call sites. We implemented the proposed techniques in a prototype called T-VIP and successfully hardened three versions of Microsoft's Internet Explorer and Mozilla Firefox. An evaluation with several zero-day exploits demonstrates that our method prevents all of them. Performance benchmarks both on micro and macro level indicate that the overhead is reasonable with about 2.2%, which is only slightly higher compared to recent compiler-based approaches that address this problem.
Keywords: (not provided) (ID#: 15-6221)
URL:  http://doi.acm.org/10.1145/2664243.2664249 

Sean Whalen, Nathaniel Boggs, Salvatore J. Stolfo; “Model Aggregation for Distributed Content Anomaly Detection,” AISec ’14, Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop, November 2014, Pages 61-71. doi:10.1145/2666652.2666660
Abstract: Cloud computing offers a scalable, low-cost, and resilient platform for critical applications. Securing these applications against attacks targeting unknown vulnerabilities is an unsolved challenge. Network anomaly detection addresses such zero-day attacks by modeling attributes of attack-free application traffic and raising alerts when new traffic deviates from this model. Content anomaly detection (CAD) is a variant of this approach that models the payloads of such traffic instead of higher level attributes. Zero-day attacks then appear as outliers to properly trained CAD sensors. In the past, CAD was unsuited to cloud environments due to the relative overhead of content inspection and the dynamic routing of content paths to geographically diverse sites. We challenge this notion and introduce new methods for efficiently aggregating content models to enable scalable CAD in dynamically-pathed environments such as the cloud. These methods eliminate the need to exchange raw content, drastically reduce network and CPU overhead, and offer varying levels of content privacy. We perform a comparative analysis of our methods using Random Forest, Logistic Regression, and Bloom Filter-based classifiers for operation in the cloud or other distributed settings such as wireless sensor networks. We find that content model aggregation offers statistically significant improvements over non-aggregate models with minimal overhead, and that distributed and non-distributed CAD have statistically indistinguishable performance. Thus, these methods enable the practical deployment of accurate CAD sensors in a distributed attack detection infrastructure.
Keywords: anomaly detection, machine learning, model aggregation (ID#: 15-6222)
URL:  http://doi.acm.org/10.1145/2666652.2666660 

Sun-il Kim, William Edmonds, Nnamdi Nwanze; “On GPU Accelerated Tuning for a Payload Anomaly-Based Network Intrusion Detection Scheme,” CISR ’14, Proceedings of the 9th Annual Cyber and Information Security Research Conference, April 2014, Pages 1-4. doi:10.1145/2602087.2602093
Abstract: In network intrusion detection, anomaly-based solutions complement signature-based solutions in mitigating zero-day attacks, but require extensive training and learning to effectively model what the normal pattern for a given system (or service) looks like. Though the training typically happens off-line, and the processing speed is not as important as the detection stage (which occurs on-line in real-time), continuous analysis and retuning may be attractive depending on the deployment scenarios. The different types of computation required to perform automatic retuning (or retraining) of the system may result in resource competition for other important system tasks. Thus, a mechanism by which the retuning can take place without affecting the actual system workload is important. In this paper, we describe a layered, simple statistics based anomaly detection algorithm with parallel implementation of the training algorithm. We focus on the use of graphic processing units (GPU) to allow cost-efficient implementation with minimal impact on CPU loads so as to minimize affecting the day to day server workloads. Our results show potential for significant performance improvements.
Keywords: intrusion detection, network security, parallel processing (ID#: 15-6223)
URL:  http://doi.acm.org/10.1145/2602087.2602093 

Roopak Venkatakrishnan, Mladen A. Vouk; “Diversity-Based Detection of Security Anomalies,” HotSoS ’14, Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 29. doi:10.1145/2600176.2600205
Abstract: Detecting and preventing attacks before they compromise a system can be done using acceptance testing, redundancy based mechanisms, and using external consistency checking such external monitoring and watchdog processes. Diversity-based adjudication, is a step towards an oracle that uses knowable behavior of a healthy system. That approach, under best circumstances, is able to detect even zero-day attacks. In this approach we use functionally equivalent but in some way diverse components and we compare their output vectors and reactions for a given input vector. This paper discusses practical relevance of this approach in the context of recent web-service attacks.
Keywords: attack detection, diversity, redundancy in security, web services (ID#: 15-6224)
URL: http://doi.acm.org/10.1145/2600176.2600205 

Hao Zhang, Danfeng Daphne Yao, Naren Ramakrishnan; “Detection of Stealthy Malware Activities with Traffic Causality and Scalable Triggering Relation Discovery,” ASIA CCS ’14, Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, June 2014, Pages 39-50. doi:10.1145/2590296.2590309
Abstract: Studies show that a significant portion of networked computers are infected with stealthy malware. Infection allows remote attackers to control, utilize, or spy on victim machines. Conventional signature-scan or counting-based techniques are limited, as they are unable to stop new zero-day exploits. We describe a traffic analysis method that can effectively detect malware activities on a host. Our new approach efficiently discovers the underlying triggering relations of a massive amount of network events. We use these triggering relations to reason the occurrences of network events and to pinpoint stealthy malware activities. We define a new problem of triggering relation discovery of network events. Our solution is based on domain-knowledge guided advanced learning algorithms. Our extensive experimental evaluation involving 6+ GB traffic of various types shows promising results on the accuracy of our triggering relation discovery.
Keywords: anomaly detection, network security, stealthy malware (ID#: 15-6225)
URL:  http://doi.acm.org/10.1145/2590296.2590309 

Yu Feng, Saswat Anand, Isil Dillig, Alex Aiken; “Apposcopy: Semantics-Based Detection of Android Malware Through Static Analysis,”  FSE 2014, Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 2014, Pages 576-587. doi:10.1145/2635868.2635869
Abstract: We present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively and reliably pinpoint malicious applications that belong to certain malware families
Keywords: Android, Inter-component Call Graph, Taint Analysis (ID#: 15-6226)
URL:  http://doi.acm.org/10.1145/2635868.2635869 

Steven Noel, Sushil Jajodia; “Metrics Suite for Network Attack Graph Analytics,” CISR ’14, Proceedings of the 9th Annual Cyber and Information Security Research Conference, April 2014, Pages 5-8. doi:10.1145/2602087.2602117
Abstract: We describe a suite of metrics for measuring network-wide cyber security risk based on a model of multi-step attack vulnerability (attack graphs). Our metrics are grouped into families, with family-level metrics combined into an overall metric for network vulnerability risk. The Victimization family measures risk in terms of key attributes of risk across all known network vulnerabilities. The Size family is an indication of the relative size of the attack graph. The Containment family measures risk in terms of minimizing vulnerability exposure across protection boundaries. The Topology family measures risk through graph theoretic properties (connectivity, cycles, and depth) of the attack graph. We display these metrics (at the individual, family, and overall levels) in interactive visualizations, showing multiple metrics trends over time.
Keywords: attack graphs, security metrics, topological vulnerability analysis (ID#: 15-6227)
URL:   http://doi.acm.org/10.1145/2602087.2602117 

Tsung Hsuan Ho, Daniel Dean, Xiaohui Gu, William Enck; “PREC: Practical Root Exploit Containment for Android Devices,” CODASPY ’14, Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, March 2014, Pages 187-198. doi:10.1145/2557547.2557563
Abstract: Application markets such as the Google Play Store and the Apple App Store have become the de facto method of distributing software to mobile devices. While official markets dedicate significant resources to detecting malware, state-of-the-art malware detection can be easily circumvented using logic bombs or checks for an emulated environment. We present a Practical Root Exploit Containment (PREC) framework that protects users from such conditional malicious behavior. PREC can dynamically identify system calls from high-risk components (e.g., third-party native libraries) and execute those system calls within isolated threads. Hence, PREC can detect and stop root exploits with high accuracy while imposing low interference to benign applications. We have implemented PREC and evaluated our methodology on 140 most popular benign applications and 10 root exploit malicious applications. Our results show that PREC can successfully detect and stop all the tested malware while reducing the false alarm rates by more than one order of magnitude over traditional malware detection algorithms. PREC is light-weight, which makes it practical for runtime on-device root exploit detection and containment.
Keywords: android, dynamic analysis, host intrusion detection, malware, root exploits (ID#: 15-6228)
URL:  http://doi.acm.org/10.1145/2557547.2557563 

Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, Stefan Katzenbeisser; “From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 942-953. doi:10.1145/2660267.2660329
Abstract: Traditional software security patches often have the unfortunate side-effect of quickly alerting attackers that their attempts to exploit patched vulnerabilities have failed. Attackers greatly benefit from this information; it expedites their search for unpatched vulnerabilities, it allows them to reserve their ultimate attack payloads for successful attacks, and it increases attacker confidence in stolen secrets or expected sabotage resulting from attacks. To overcome this disadvantage, a methodology is proposed for reformulating a broad class of security patches into honey-patches — patches that offer equivalent security but that frustrate attackers’ ability to determine whether their attacks have succeeded or failed. When an exploit attempt is detected, the honey-patch transparently and efficiently redirects the attacker to an unpatched decoy, where the attack is allowed to succeed. The decoy may host aggressive software monitors that collect important attack information, and deceptive files that disinform attackers. An implementation for three production-level web servers, including Apache HTTP, demonstrates that honey-patching can be realized for large-scale, performance-critical software applications with minimal overheads.
Keywords: honeypots, intrusion detection and prevention (ID#: 15-6229)
URL: http://doi.acm.org/10.1145/2660267.2660329 

Sascha Fahl, Sergej Dechand, Henning Perl, Felix Fischer, Jaromir Smrcek, Matthew Smith; “Hey, NSA: Stay Away from My Market! Future Proofing App Markets against Powerful Attackers,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 1143-1155. doi:10.1145/2660267.2660311
Abstract: Mobile devices are evolving as the dominant computing platform and consequently application repositories and app markets are becoming the prevalent paradigm for deploying software. Due to their central and trusted position in the software ecosystem, coerced, hacked or malicious app markets pose a serious threat to user security. Currently, there is little that hinders a nation state adversary (NSA) or other powerful attackers from using such central and trusted points of software distribution to deploy customized (malicious) versions of apps to specific users. Due to intransparencies in the current app installation paradigm, this kind of attack is extremely hard to detect.  In this paper, we evaluate the risks and drawbacks of current app deployment in the face of powerful attackers. We assess the app signing practices of 97% of all free Google Play apps and find that the current practices make targeted attacks unnecessarily easy and almost impossible to detect for users and app developers alike. We show that high profile Android apps employ intransparent and unaccountable strategies when they publish apps to (multiple) alternative markets. We then present and evaluate Application Transparency (AT), a new framework that can defend against ``targeted-and-stealthy'' attacks, mount by malicious markets. We deployed AT in the wild and conducted an extensive field study in which we analyzed app installations on 253,819 real world Android devices that participate in a popular anti-virus app's telemetry program. We find that AT can effectively protect users against malicious targeted attack apps and furthermore adds transparency and accountability to the current intransparent signing and packaging strategies employed by many app developers.
Keywords: android, apps, market, nsa, security, transparency (ID#: 15-6230)
URL: http://doi.acm.org/10.1145/2660267.2660311 

Mingshen Sun, Min Zheng, John C. S. Lui, Xuxian Jiang; “Design and Implementation of an Android Host-based Intrusion Prevention System,” ACSAC ’14, Proceedings of the 30th Annual Computer Security Applications Conference, December 2014, Pages 226-235. doi:10.1145/2664243.2664245
Abstract: Android has a dominating share in the mobile market and there is a significant rise of mobile malware targeting Android devices. Android malware accounted for 97% of all mobile threats in 2013 [26]. To protect smartphones and prevent privacy leakage, companies have implemented various host-based intrusion prevention systems (HIPS) on their Android devices. In this paper, we first analyze the implementations, strengths and weaknesses of three popular HIPS architectures. We demonstrate a severe loophole and weakness of an existing popular HIPS product in which hackers can readily exploit. Then we present a design and implementation of a secure and extensible HIPS platform—“Patronus.” Patronus not only provides intrusion prevention without the need to modify the Android system, it can also dynamically detect existing malware based on runtime information. We propose a two-phase dynamic detection algorithm for detecting running malware. Our experiments show that Patronus can prevent the intrusive behaviors efficiently and detect malware accurately with a very low performance overhead and power consumption.
Keywords: (not provided) (ID#: 15-6231)
URL:  http://doi.acm.org/10.1145/2664243.2664245 

Thomas Hobson, Hamed Okhravi, David Bigelow, Robert Rudd, William Streilein; “On the Challenges of Effective Movement,” MTD ’14, Proceedings of the First ACM Workshop on Moving Target Defense, November 2014, Pages 41-50. doi:10.1145/2663474.2663480
Abstract: Moving Target (MT) defenses have been proposed as a game-changing approach to rebalance the security landscape in favor of the defender. MT techniques make systems less deterministic, less static, and less homogeneous in order to increase the level of effort required to achieve a successful compromise. However, a number of challenges in achieving effective movement lead to weaknesses in MT techniques that can often be used by the attackers to bypass or otherwise nullify the impact of that movement. In this paper, we propose that these challenges can be grouped into three main types: coverage, unpredictability, and timeliness. We provide a description of these challenges and study how they impact prominent MT techniques. We also discuss a number of other considerations faced when designing and deploying MT defenses.
Keywords: cybersecurity challenges, diversity, metrics, moving target, randomization (ID#: 15-6232)
URL:  http://doi.acm.org/10.1145/2663474.2663480 

M. Zubair Rafique, Ping Chen, Christophe Huygens, Wouter Joosen; “Evolutionary Algorithms for Classification of Malware Families Through Different Network Behaviors,” GECCO ’14, Proceedings of the 2014 Conference on Genetic and Evolutionary Computation, July 2014, Pages 1167-1174. doi:10.1145/2576768.2598238
Abstract: The staggering increase of malware families and their diversity poses a significant threat and creates a compelling need for automatic classification techniques. In this paper, we first analyze the role of network behavior as a powerful technique to automatically classify malware families and their polymorphic variants. Afterwards, we present a framework to efficiently classify malware families by modeling their different network behaviors (such as HTTP, SMTP, UDP, and TCP). We propose protocol-aware and state-space modeling schemes to extract features from malware network behaviors. We analyze the applicability of various evolutionary and non-evolutionary algorithms for our malware family classification framework. To evaluate our framework, we collected a real-world dataset of $6,000$ unique and active malware samples belonging to 20 different malware families. We provide a detailed analysis of network behaviors exhibited by these prevalent malware families. The results of our experiments shows that evolutionary algorithms, like sUpervised Classifier System (UCS), can effectively classify malware families through different network behaviors in real-time. To the best of our knowledge, the current work is the first malware classification framework based on evolutionary classifier that uses different network behaviors.
Keywords: machine learning, malware classification, network behaviors (ID#: 15-6233)
URL: http://doi.acm.org/10.1145/2576768.2598238 

Ali Zand, Giovanni Vigna, Xifeng Yan, Christopher Kruegel; “Extracting Probable Command and Control Signatures for Detecting Botnets,” SAC ’14, Proceedings of the 29th Annual ACM Symposium on Applied Computing, March 2014, Pages 1657-1662. doi:10.1145/2554850.2554896
Abstract: Botnets, which are networks of compromised machines under the control of a single malicious entity, are a serious threat to online security. The fact that botnets, by definition, receive their commands from a single entity can be leveraged to fight them. To this end, one requires techniques that can detect command and control (C&C) traffic, as well as the servers that host C&C services. Given the knowledge of a C&C server’s IP address, one can use this information to detect all hosts that attempt to contact such a server, and subsequently disinfect, disable, or block the infected machines. This information can also be used by law enforcement to take down the C&C server. In this paper, we present a new botnet C&C signature extraction approach that can be used to find C&C communication in traffic generated by executing malware samples in a dynamic analysis system. This approach works in two steps. First, we extract all frequent strings seen in the network traffic. Second, we use a function that assigns a score to each string. This score represents the likelihood that the string is indicative of C&C traffic. This function allows us to rank strings and focus our attention on those that likely represent good C&C signatures. We apply our technique to almost 2.6 million network connections produced by running more than 1.4 million malware samples. Using our technique, we were able to automatically extract a set of signatures that are able to identify C&C traffic. Furthermore, we compared our signatures with those used by existing tools, such as Snort and BotHunter.
Keywords:  (not provided) (ID#: 15-6234)
URL: http://doi.acm.org/10.1145/2554850.2554896 

Sandy Clark, Michael Collis, Matt Blaze, Jonathan M. Smith; “Moving Targets: Security and Rapid-Release in Firefox,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 1256-1266. doi:10.1145/2660267.2660320
Abstract: Software engineering practices strongly affect the security of the code produced. The increasingly popular Rapid Release Cycle (RRC) development methodology and easy network software distribution have enabled rapid feature introduction. RRC’s defining characteristic of frequent software revisions would seem to conflict with traditional software engineering wisdom regarding code maturity, reliability and reuse, as well as security. Our investigation of the consequences of rapid release comprises a quantitative, data-driven study of the impact of rapid-release methodology on the security of the Mozilla Firefox browser. We correlate reported vulnerabilities in multiple rapid release versions of Firefox code against those in corresponding extended release versions of the same system; using a common software base with different release cycles eliminates many causes other than RRC for the observables. Surprisingly, the resulting data show that Firefox RRC does not result in higher vulnerability rates and, further, that it is exactly the unfamiliar, newly released software (the “moving targets”) that requires time to exploit. These provocative results suggest that a rethinking of the consequences of software engineering practices for security may be warranted.
Keywords: agile programming, honeymoon effect, arms race, rapid release cycle, secure software development models, secure software metrics, software life-cycle, software quality, secure software development, vulnerabilities, windows of vulnerability (ID#: 15-6235)
URL:  http://doi.acm.org/10.1145/2660267.2660320
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---